For a number of reasons, not the least of which is: packet filtering sucks and will
not stand on it's own long. Think of the firewall as being the screening rtr,
firewall and choke router instead of just that machine sandwiched between the two.
You are just layering your security. You are attempting to control what gets to the
firewall (thereby reducing the load since you can filter crap you don't want your
firewall to waste cycles on), then there is the firewall itself which (typically) a
much more intelligent method of filtering than just layer 3 packet filtering, and then
you limit again what goes into your net and out to the firewall at the choke. It's
kind of like wearing a shirt, sweat shirt, flannel shirt, and coat to protect yourself
from damp cold, instead of just a big coat (trust me, it works better).
----- Original Message -----
From: security security <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 14, 2000 10:02 AM
Subject: question about screening router
> i know this is a dumb question, but I'm sure u experts can come up with a
> brilliant answer for that.
>
> If a screening router is kinda doing the job of a firewall, then why do we
> even need a firewall?
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
