Re: Dynamic routing on firewalls.

[Owen DeLong <owen () delong com>]

A good firewall can also be a good router.

Of course you can find firewalls that are crappy routers and you can find routers that are crappy firewalls, but 
generally, the two are not mutually exclusive.

Owen

> On Feb 6, 2015, at 08:39 , Bill Thompson <Billt () mahagonny com> wrote:
>
> Just because a cat has kittens in the oven, you don't call them biscuits. A firewall can route, but it is not a 
> router. Both have specialized tasks. You can fix a car with a swiss army knife, but why would you want to?
> -- 
> Bill Thompson
> billt () mahagonny com
>
> On February 5, 2015 7:19:43 PM PST, Jeff McAdams <jeffm () iglou com> wrote:
> > On Thu, February 5, 2015 20:02, Joe Hamelin wrote:
> > > > On Feb 5, 2015, at 2:49 PM, Ralph J.Mayer <rmayer () nerd-residenz de>
> > > > wrote:
> > > > a router is a router and a firewall is a firewall. Especially a
> > Cisco ASA
> > > > is no router, period.
> > >
> > > Man-o-man did I find that out when we had to renumber our network
> > after
> > > we got bought by the French.
> >
> > > Oh, I'll just pop on a secondary address on this interface... What?
> >
> > > Needed to go through fits just to get a hairpin route in the thing.
> >
> > > The ASA series is good at what it does, just don't plan on it acting
> > like
> > > router IOS.
> >
> > Sorry, but I'm with Owen.
> >
> > Square : Rectangle :: Firewall : Router
> >
> > A firewall is a router, despite how much so many security folk try to
> > deny
> > it.  And firewalls that seem to try to intentionally be crappy routers
> > (ie, ASAs) have no place in my network.
> >
> > If it can't be a decent router, then its going to suck as a firewall
> > too,
> > because a firewall has to be able to play nice with the rest of the
> > network, and if they can't do that, then I have no use for them.  I'll
> > get
> > a firewall that does.