[146539] in North American Network Operators' Group

Re: Arguing against using public IP space

daemon@ATHENA.MIT.EDU (Ray Soucy)
Tue Nov 15 13:32:58 2011

In-Reply-To: <6B29C0B1-6852-46CB-B3EB-1F91AF18A7B8@ukbroadband.com>
Date: Tue, 15 Nov 2011 13:32:48 -0500
From: Ray Soucy <rps@maine.edu>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tue, Nov 15, 2011 at 5:57 AM, Leigh Porter
<leigh.porter@ukbroadband.com> wrote:
> As somebody else mentioned on this thread, a NAT box with private space on one side fails closed.

This is a myth, just like "NAT provides security" is a myth.

It doesn't matter if your firewall performs NAT or not; if it fails,
traffic will more than likely stop flowing.

The conditions for a non-NAT firewall to fail open are very specific.
You often need to engineer it to have that functionality.

Either type of firewall system can be designed to fail open or fail closed.




-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/

