[c-nsp] Campus Network - Deployment mode of Perimeter Firewalls
Gert Doering
gert at greenie.muc.de
Tue Aug 11 03:17:34 EDT 2020
Hi,
On Mon, Aug 10, 2020 at 11:33:06PM -0400, Yham wrote:
> Thanks for your comments. I kinda agree with you on avoid using transparent
> mode however not clear why you wouldn't want your north-south traffic pass
> through perimeter security devices (FWs). how would you protect your
> network from outside if you don't have firewalls in the traffic path? I
> have seen some enterprises use by-pass switches to go around the firewalls
> in case of an unexpected failure from where firewalls can't recover.
What is the point of a firewall in front of a web server?
The web server should not have any services running besides "web", and
these have to be available from the outside.
Adding a firewall means "you put a device in front of it that can handle
less load and costs more" - but where's the security gain?
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany gert at greenie.muc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20200811/ec5b74de/attachment.sig>
More information about the cisco-nsp
mailing list