[c-nsp] Campus Network - Deployment mode of Perimeter Firewalls

[Keith Medcalf]

What is the difference?  Does not the "campus network" provide a
service?

-- 
Be decisive.  Make a decision, right or wrong.  The road of life is
paved with flat squirrels who could not make a decision.

>-----Original Message-----
>From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Nick
>Hilliard
>Sent: Tuesday, 11 August, 2020 03:34
>To: Yham <yhameed81 at gmail.com>
>Cc: cisco-nsp at puck.nether.net NSP <cisco-nsp at puck.nether.net>
>Subject: Re: [c-nsp] Campus Network - Deployment mode of Perimeter
>Firewalls
>
>Yham wrote on 11/08/2020 04:33:
>> Thanks for your comments. I kinda agree with you on avoid using
>> transparent mode however not clear why you wouldn't want your
>> north-south traffic pass through perimeter security devices (FWs).
how
>> would you protect your network from outside if you don't have
firewalls
>> in the traffic path? I have seen some enterprises use by-pass
switches
>> to go around the firewalls in case of an unexpected failure from
where
>> firewalls can't recover.
>
>I missed that this was a campus network, and assumed it was a service
>provider.
>
>Yeah, politically credible reasons for wanting some or all parts of a
>campus behind firewalls of whatever form.  It's a completely terrible
>idea if you're a service provider though.
>
>Nick
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/