Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Firewall in Routers??

  • From: Andrew Smith
  • Date: Mon Mar 03 21:53:54 1997

> Just to throw in a little bit more info..
> 
> There's little comparison between the two.
> PIX is more of an address translation unit with firewalling
> capabilities.
> Firewall-1 is a fully functional Firewall with limited address
> translation. 
> 
> i.e. PIX has a pool of IP addresses.. true address translation.
> Firewall-1 does address 'hiding' making it look to the external world
> like all connects come from a single IP.

Actually, hide mode is only one of the options in FW-1. You can do
a static one-to-one allocation (but not dynamically).

> I tend to prefer to keep routers as routers and firewalls as firewalls,
> it reduces the CPU overhead, Problem Determination is easier, and 
> configurations are kept in a distinct logical box.
> Of course this is at the expense of cost, and space.

Agreed...but in certain situations, i.e. a widely diverse network,
to follow this purist paradigm, you really need a separate firewall/
uniquely routed subnet. If someone has a 75XX with a T1 Internet
connection, why not let the extra CPU go towards firewall functions?
Granted, you are very limited in logging, authentication, and
proxies or content monitoring, but such capabilities could be made
with proprietary communication to a central firewall/management
server...but then you are really straying away from IOS/whatever OS
each router uses.  In short, if it's built, someone will buy it.
Is it enough people to pay for the development/political maneuvering?
 
---------------------------------------------------------------------------
Andrew Smith ** awsmith@neosoft.com ** Network Engineer ** 1-888-NEOSOFT
       ** "Opportunities multiply as they are seized" - Sun Tzu **
            ** http://www.neosoft.com/neosoft/staff/andrew ** 
---------------------------------------------------------------------------