Re: [fw-wiz] How automate firewall tests
-------- Original Message --------
From: [email]email@example.com[/email] (Jim Seymour)
Subject: Re:[fw-wiz] How automate firewall tests
Date: Wed Aug 23 17:49:46 2006
> "R. DuFresne" <firstname.lastname@example.org> wrote:
>> On Fri, 18 Aug 2006, Keith A. Glass wrote:
>>> Well. . .we packet-filter at the border routers and switches prior to the
>>> border firewall to take some of the load off. . .but then ALL our routers
>>> set to packet filter as an additional security measure. . .
>> It might amaze a number of folks to learn how uncommon this setup is these
> In a way it amazes me, and in a way it does not. It amazes me in that
> it's such a logical thing to do, I'm at a loss as to understand why
> somebody wouldn't. (I'm speaking in general terms. I'm sure there are
> perfectly valid exceptions.) It does not amaze me in that I've come to
> the conclusion that competence is (increasingly) a rare thing.
> The router needs to protect itself. The router can also aid in the
> protection of the firewall. The router can also take some of the load
> off the firewall.
Like everything else, you have to plan this well. If you end up with
too many redundant rules on different network equipment, you give
yourself a management headache.
Haim (Howard) Roman
Computer Center, Jerusalem College of Technology
firewall-wizards mailing list