Firewall Wizards mailing list archives

Re: Firewall routing thought...

From: Ng Pheng Siong <ngps () netmemetic com>
Date: Fri, 9 Jul 2004 09:29:54 +0800

On Thu, Jul 08, 2004 at 05:19:45PM +0200, Ben Nagy wrote:

I'm not much of a fan of the maintainability of static routes either,
though. Basically, you may choose your poison. A third poison you didn't
mention is dynamic routing, which fixes the routing optimisation _and_ the
manageability. Sadly it totally _screws_ the security, so as poisons go it's
pretty...um...poisonous.


I suppose you will like some load balancing "solutions" even less, which
require static ARPing or flooding their interconnecting switches so that
these turn into hubs!


-- 
Ng Pheng Siong <ngps () netmemetic com> 

http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control 
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Firewall routing thought... Eric Appelboom (Jul 06)
- Re: Firewall routing thought... Gwendolynn ferch Elydyr (Jul 08)
  - RE: Firewall routing thought... Ben Nagy (Jul 08)
    - Re: Firewall routing thought... Ng Pheng Siong (Jul 09)
  - Re: Firewall routing thought... Ng Pheng Siong (Jul 08)
  - Re: Firewall routing thought... Devdas Bhagat (Jul 08)
    - Re: Firewall routing thought... Ng Pheng Siong (Jul 13)
  - Multiple separate Ethernet switches in a single chassis? Brent Chapman (Jul 08)
- <Possible follow-ups>
- Re: Firewall routing thought... Dana Nowell (Jul 08)
  - Re: Firewall routing thought... Gwendolynn ferch Elydyr (Jul 08)
    - Re: Firewall routing thought... Mark (Jul 09)