[68799] in North American Network Operators' Group


Re: Asymmetric Routing / Stateful Inspection Firewall

daemon@ATHENA.MIT.EDU (alex@pilosoft.com)
Tue Mar 16 22:29:50 2004

Date: Tue, 16 Mar 2004 22:07:24 -0500 (EST)
From: alex@pilosoft.com
Cc: nanog@nanog.org
In-Reply-To: <000001c40bc7$56f39d20$6401a8c0@msthome>
Errors-To: owner-nanog-outgoing@merit.edu


If you are asking for stateful filtering for a firewall that sees only
a one-way conversation, it does not exist and cannot exist, by definition.

If you are asking for some way for firewall A that sees only inbound
packets and firewall B that sees only outbound packets to communicate said
information - I suggest a mirror port on a switch.

Otherwise, as long as the firewall sees both incoming and outgoing packets,
why would it care what happens later at your border routers?

--
Alex Pilosov    | DSL, Colocation, Hosting Services
President 	| alex@pilosoft.com    (800) 710-7031
Pilosoft, Inc.  | http://www.pilosoft.com

On Tue, 16 Mar 2004, Mike Turner wrote:

> Hello Everyone,
>  
> I am currently looking for a stateful inspection firewall
> that supports asymmetric routing - is there such a product? I cannot
> imagine that I am the only person with redundant Internet connectivity,
> that would like to put firewalls near the edge of our network. Any
> thoughts / Suggestions would be greatly appreciated!
>  
> Thanks,
>  
> Mike
> 
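
The point made in the reply above, as an added illustration that is not part of either poster's message: a minimal TCP state tracker in which firewall A sees only inbound packets and firewall B only outbound ones, with an optional mirrored feed standing in for the suggested mirror port. The class and function names, the simplified three-packet handshake and the sample addresses are assumptions constructed for this example.

```python
from typing import NamedTuple
class Packet(NamedTuple):
    src: str
    dst: str
    flags: str      # "S", "SA" or "A"
    direction: str  # "out" = inside to Internet, "in" = the reverse
def flow_key(p):
    # Same key in both directions: (inside endpoint, outside endpoint).
    return (p.src, p.dst) if p.direction == "out" else (p.dst, p.src)

class StatefulFirewall:
    def __init__(self, name):
        self.name, self.state = name, {}  # flow key -> SYN_SENT | ESTABLISHED

    def observe(self, p):
        # Update the state table from a forwarded or mirrored packet.
        k, kind = flow_key(p), (p.direction, p.flags)
        if kind == ("out", "S"):
            self.state.setdefault(k, "SYN_SENT")
        elif kind == ("in", "SA") and self.state.get(k) == "SYN_SENT":
            self.state[k] = "ESTABLISHED"

    def verdict(self, p):
        # An outbound SYN may open a flow; anything else needs matching state.
        have, kind = self.state.get(flow_key(p)), (p.direction, p.flags)
        if kind == ("out", "S"):
            ok = True
        else:
            ok = have == ("SYN_SENT" if kind == ("in", "SA") else "ESTABLISHED")
        if ok:
            self.observe(p)
        return ok

INSIDE, OUTSIDE = "192.0.2.10:40000", "198.51.100.5:443"  # constructed sample endpoints
HANDSHAKE = [Packet(INSIDE, OUTSIDE, "S", "out"), Packet(OUTSIDE, INSIDE, "SA", "in"),
             Packet(INSIDE, OUTSIDE, "A", "out")]

def run(mirror):
    # Firewall B is on the outbound path, firewall A on the inbound path.
    a, b, log = StatefulFirewall("A"), StatefulFirewall("B"), []
    for p in HANDSHAKE:
        fw, peer = (b, a) if p.direction == "out" else (a, b)
        ok = fw.verdict(p)
        log.append((p.flags, fw.name, "pass" if ok else "drop"))
        if not ok:
            break  # the handshake cannot continue
        if mirror:
            peer.observe(p)  # peer learns the flow from the mirrored copy
    return log
```

`run(False)` ends with the SYN-ACK dropped at firewall A, which never saw the SYN; `run(True)` lets the handshake complete because each firewall also observes the packets the other one forwarded.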

