Firewall Wizards mailing list archives

Re: stealth firewalls
From: "Volker Tanger" <volker.tanger () discon de>
Date: Thu, 17 Jan 2002 09:53:15 +0100

Greetings!

Irwin Lazar wrote:

> I'm reading up a bit on stealth mode firewalls and was wondering what the
> industry view is toward these types of boxes.  From my research, stealth
> mode firewalls act as LAN switches or bridges, and do not actively modify
> the packets they process (such as decrementing TTL).  Is this correct?


Usually bridges, yes.



> It seems there are some obvious advantages to stealth mode firewalls since
> they are completely hidden at the IP layer, but I'm wondering if there are
> any significant drawbacks.


One major drawback is that they - by their very concept - don't do routing. If you have more than 2 interfaces ("inside" and "outside") that is a major problem. Plus you then need a lot of routers. One of our multi-network customers has 10+ networks in the same house to be separated - one multi-NIC non-stealth firewall - or one stealth FW plus 10+ routers. Guess what is easier to manage...

Second problem is doing VPN - or: not! Without a (visible) VPN peer there is no VPN to be established.


> It seems that products are limited, only Sun's
> SunScreen & BSD Linux support this functionality.

Lucent Bricks are appliances.


--

Volker Tanger  <volker.tanger () discon de>
 Wrangelstr. 100, 10997 Berlin, Germany
    DiSCON GmbH - Internet Solutions
         http://www.discon.de/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

