[149526] in North American Network Operators' Group
Firewalls in service provider environments
daemon@ATHENA.MIT.EDU (Matthew Reath)
Tue Feb 7 16:32:16 2012
Date: Tue, 7 Feb 2012 15:31:21 -0600
From: "Matthew Reath" <matt@mattreath.com>
To: nanog@nanog.org
All,
Looking for some recommendations on firewall placement in service provider
environments. I'm of the school of thought that in my SP network I do as
little firewalling/packet filtering as possible. As in none, leave that to
my end users or offer a "managed" firewall solution where if a customer
signs up for the extra service I put him in a VRF or VLAN that is "behind"
a firewall and manage that solution for them. Otherwise I don't prefer to
have a firewall inline in my service provider network for all customer
traffic to go through. I can accomplish filtering of known bad ports on my
edge routers either facing my customers or upstream providers.
What is the group's thought on this?
-Matt
--
Matt Reath
CCIE #27316 (SP)
matt@mattreath.com | http://mattreath.com
Twitter: http://twitter.com/mpreath