Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Firewall opinions wanted please

  • From: Rachael Treu
  • Date: Wed Mar 17 15:21:09 2004


"Firewall" refers to access control.  Firewall appliances are dedicated
machines that perform firewall functions.

ACLs on many router platforms are called firewalls.  Juniper calls them
"firewall filters."

My personal context was covered in a reply I sent earlier in this thread
that read:

"Firewalls are logical interventions, costing as little as some processor
overhead.  Dedicated appliances are only one deployment.  Filters on
routers also qualify as firewalls."  

So...I don't disagree with you at all...

--ra

On Wed, Mar 17, 2004 at 06:33:54PM -0000, Matt Ryan said something to the effect of:
> 
> Depending on your chosen vendor the ACL cost is unlikely to be $0 - if you
> steal CPU cycles from packet forwarding then you incur earlier router
> upgrade costs and that has a NPV cost increase associated with it. It's just
> not as obvious as a invoice for a firewall.
> 
> 
> Matt.
> 
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Eric Gauthier
> Sent: 17 March 2004 17:20
> To: nanog@merit.edu
> Subject: Re: Firewall opinions wanted please
> 
> 
> 
> > > _Everyone_ (network connected) should have a firewall.  My grandma
> should 
> > > have a firewall.  Nicole, holding dominion over this business network
> and 
> > > its critical infrastructure, should _definitely_ have a firewall.  ;)
> 
> By "firewall", do you mean "dedicated unit that does statefull filtering"
> or just "something that will block packets"?  We've successfully argued
> to just about every group here at our University who came to us asking for a
> 
> "firewall" that, given what they wanted to achieve, they could accomplish
> the 
> same thing with simple ACLs...  
> 
> I'm sure that the cost of the ACL's (i.e. $0.00) versus the cost of a
> firewall 
> also helped them in their decision...
> 
> Eric :)
> 
> ------------------------------------------------------------------------------
> Live Life in Broadband
> www.telewest.co.uk
> 
> 
> The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material.
> Statements and opinions expressed in this e-mail may not represent those of the company. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender immediately and delete the material from any computer.
> 
> ==============================================================================

-- 
rachael treu       rara@navigo.com
..quis costodiet ipsos custodes?..





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.