
Dynamic routing and Firewalls

My mate Wimpie wrote to me with the following comment about dynamic routing and firewalls:
"I cannot see any real reason why it should not participate in dynamic routing. I know if you talk to most security people they will say it should not. I cannot understand that. Most of the discussion I have read or heard justifies this view by saying that the firewall should never act as a router. Again I do not understand that because in my mind in reality the Firewall is logically performing a routing function no matter how you look at it. I also think this is an historical issue. The vendors that produce routers / firewalls are at fault as well. Many moons ago these functions were supplied by dedicated firewalls / routers as no alternatives existed. However now these functions can be handled on one platform but people / vendors are still stuck in the past. They are still telling people the same thing which was true 10 years ago.
The only issue in my mind is that you should secure the routing protocol by using authentication. It also provides higher levels of overall availability if you ask me. You will still need statics on most firewalls when you do NAT for say DMZ devices behind it. However in the data centre role, I cannot see that this would be required if it sits in the core before internal servers."

I agree with Wimpie's views. Now all I have to do is convince him to become a blogger!!!

