Firewall Wizards mailing list archives

Re: OSPF on Firewall

From: Luke Butcher <luke.butcher () alphawest com au>
Date: Thu, 18 Dec 2003 08:53:08 +1100


On Wed, 2003-12-17 at 19:01, Shimon Silberschlag wrote:

Lets say that I have two routers (on an internal network) that talk OSPF
between them.
Now I have to insert a firewall in-between the two routers.

I am led to believe (by the Communications people I work with) that there is
no other option but to install OSPF on the firewall, which doesn't make me
feel easy about the solution.

Is it true that there is no other way around this problem?


Firstly I would highly recommend AGAINST installing routing protocols on
your firewalls. The Pros and Cons have been debated here many times.

I don't see why you just can't pass the OSPF traffic through the
firewall, using a GRE tunnel. Being able to setup a GRE tunnel is
dependent on your routers however. 

Regards,
Luke Butcher
Network/Security Consultant
www.alphawest.com.au
--


Alphawest Disclaimer

---------------------------------------------------------------------------
If this communication is not intended for you and you are not an authorised
recipient of this email you are prohibited by law from dealing with or
relying on the email or any file attachments. This prohibition includes
reading, printing, copying, re-transmitting, disseminating, storing or in
any other way dealing or acting in reliance on the information.
If you have received this email in error, we request you contact Alphawest 
immediately by returning the email to postmaster () alphawest com au and
destroy the original. This email is confidential and may contain privileged
client information. Alphawest  has taken reasonable steps to ensure the
accuracy and integrity of all its communications, including electronic
communications, but accepts no liability for materials transmitted.
---------------------------------------------------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

PIX inside interface not accessible using CVPN JC Marze (Dec 13)
- OSPF on Firewall Shimon Silberschlag (Dec 17)
  - Re: OSPF on Firewall Paul Robertson (Dec 17)
  - RE: OSPF on Firewall Ran Nahmias (Dec 17)
  - Re: OSPF on Firewall Luke Butcher (Dec 17)
  - Re: OSPF on Firewall Gary Flynn (Dec 17)
  - RE: OSPF on Firewall Wes Noonan (Dec 17)