mailing list archives
RE: BGP and Firewalls...
From: "Holmes,David A" <dholmes () mwdh2o com>
Date: Wed, 7 Dec 2011 10:19:58 -0800
My concern is whether or not consolidating border router and firewall functions in the same device violates, if not
explicitly, then the spirit of the "defense in depth" Internet edge design principle. Here is a link to a Department of
Homeland Security document where this is discussed (for control systems, but has general application), but not
addressed directly: http://www.inl.gov/technicalpublications/Documents/3375141.pdf
The old Checkpoint/Nokia firewalls consolidated routing and firewall functions, but the question is one of layered
defenses, such that it seems intuitive that it is inherently more difficult for the bad actor to penetrate network
defenses the more devices that have to be penetrated.
From: Gregory Croft [mailto:gcroft () shoremortgage com]
Sent: Wednesday, December 07, 2011 10:04 AM
To: Christopher Morrow
Cc: nanog () nanog org
Subject: RE: BGP and Firewalls...
I'm not having problems... Well, not yet anyways. :)
Just investigating to see if there is a reason I shouldn't use a
firewall at the edge versus a dedicated router as well as to see if
anyone can share their specific experience with the PAN devices.
From: christopher.morrow () gmail com [mailto:christopher.morrow () gmail com]
On Behalf Of Christopher Morrow
Sent: Wednesday, December 07, 2011 12:44 PM
To: Gregory Croft
Cc: nanog () nanog org
Subject: Re: BGP and Firewalls...
On Wed, Dec 7, 2011 at 12:31 PM, Gregory Croft
<gcroft () shoremortgage com> wrote:
Does anyone have any experience with using firewalls as edge devices
when BGP is concerned?
Specifically the Palo Alto series of devices.
nokia/checkpoint has done this for ages. what's the problem you have?
This communication, together with any attachments or embedded links, is for the sole use of the intended recipient(s)
and may contain information that is confidential or legally protected. If you are not the intended recipient, you are
hereby notified that any review, disclosure, copying, dissemination, distribution or use of this communication is
strictly prohibited. If you have received this communication in error, please notify the sender immediately by return
e-mail message and delete the original and all copies of the communication, along with any attachments or embedded
links, from your system.
Re: BGP and Firewalls... David (Dec 08)
Re: BGP and Firewalls... Colin Alston (Dec 16)