[c-nsp] Campus Network - Deployment mode of Perimeter Firewalls
Nick Hilliard
nick at foobar.org
Tue Aug 11 05:34:14 EDT 2020
Yham wrote on 11/08/2020 04:33:
> Thanks for your comments. I kinda agree with you on avoid using
> transparent mode however not clear why you wouldn't want your
> north-south traffic pass through perimeter security devices (FWs). how
> would you protect your network from outside if you don't have firewalls
> in the traffic path? I have seen some enterprises use by-pass switches
> to go around the firewalls in case of an unexpected failure from where
> firewalls can't recover.
I missed that this was a campus network, and assumed it was a service
provider.
Yeah, politically credible reasons for wanting some or all parts of a
campus behind firewalls of whatever form. It's a completely terrible
idea if you're a service provider though.
Nick
More information about the cisco-nsp
mailing list