RE: OSPF on Firewall

["Carroll, Shawn" <SCarroll () chittenden com>]

First I would analyze, or be confident of, my need to run a routing protocol between the two routers.  If you need a 
boundary, why specifically wouldn't default or static routing be desirable?  Is there multiple paths between these two? 
 Do the networks reachable on either side change often enough for a dynamic routing protocol to be a good solution?

Second, if there's machines, subnets, or TCP/IP ports that need to be excluded or allowed, why wouldn't access lists 
applied to an interface of the existing routers be sufficient, even desireable?

My hunch is that if you back up one step and ask what it is you're trying to do, the best answer won't be to stick a 
firewall in the middle of two OSPF routers in the same area.  (feel free to reply on- or off-list with specifics about 
topology and goals)

> -----Original Message-----
> From: firewall-wizards-admin () honor icsalabs com
> [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Shimon
> Silberschlag
> Sent: Wednesday, December 17, 2003 3:02 AM
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] OSPF on Firewall
>
>
> Lets say that I have two routers (on an internal network) 
> that talk OSPF
> between them.
>
> Now I have to insert a firewall in-between the two routers.
>
> I am led to believe (by the Communications people I work 
> with) that there is
> no other option but to install OSPF on the firewall, which 
> doesn't make me
> feel easy about the solution.
>
> Is it true that there is no other way around this problem?
>
> TIA,
>
> Shimon Silberschlag
>
> +972-3-9351572
> +972-51-207130
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards