"R. DuFresne" wrote:
> On Fri, 18 Aug 2006, Keith A. Glass wrote:

> > Well. . .we packet-filter at the border routers and switches prior to the
> > border firewall to take some of the load off. . .but then ALL our routers
> > are
> > set to packet filter as an additional security measure. . .
> >
> >

> It might amaze a number of folks to learn how uncommon this setup is these
> days.


In a way it amazes me, and in a way it does not. It amazes me in that
it's such a logical thing to do, I'm at a loss as to understand why
somebody wouldn't. (I'm speaking in general terms. I'm sure there are
perfectly valid exceptions.) It does not amaze me in that I've come to
the conclusion that competence is (increasingly) a rare thing.

The router needs to protect itself. The router can also aid in the
protection of the firewall. The router can also take some of the load
off the firewall.

firewall-wizards mailing list