On Wed, Nov 14, 2007 at 02:58:37PM +1100, Kelly Robinson wrote:
> Some firewalls, after receiving a packet, generate a new packet and populate
> it with data from the original, rather than forwarding the same packet that
> was received. What are the advantages and disadvantages of this approach?
> And does anyone have any examples of any firewalls that do this on the
> market?


I guess all proxying fireawalls like the original fwtk do this.

Advantage:

Your firewall is more trusted not to do funky stuff
that might upset internal servers.

Directly concomitant disadvantage:

The packet may not be an entirely faithful
version of the original (besides the obvious
source addr/port)




_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards