[147350] in North American Network Operators' Group
Re: BGP and Firewalls...
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Wed Dec 7 15:44:57 2011
In-Reply-To: <1F4D60B00DE5FB42AD4BB2BC06DC3092207092FB@mail.shoremortgage.com>
Date: Wed, 7 Dec 2011 15:43:44 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Gregory Croft <gcroft@shoremortgage.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Dec 7, 2011 at 1:04 PM, Gregory Croft <gcroft@shoremortgage.com> wr=
ote:
> I'm not having problems... Well, not yet anyways. =A0:)
>
> Just investigating to see if there is a reason I shouldn't use a
> firewall at the edge versus a dedicated router as well as to see if
> anyone can share their specific experience with the PAN devices.
do you have power or space concerns?
do you want to have a single point of failure?
do you want to have some limitations in what your devices can effectively d=
o?
you probably want to be able to fail the firewall and maintain some
level of access to the site (the router), you may want to fail the
router but still maintain local network services from the router
south.
don't put all your eggs in one basket, unless you only have 1 U of
space and 1 power plug.
