Re: issue with Nokia firewall / router...

[Joe Knape]

I'm not sure whether I'd consider it a performance issue or a security issue but the first thing that comes to mind are DoS attacks.  It's much easier to configure a router to minimize the affects of most of these attacks because ALL the routers cycles (at least in theory) are dedicated to processing or dropping the abhorrent packets.  When you combine functionality some of that granularity of control is lost.   Secondly, when one of my routers fails, I would much rather it fail in such a state that it still passes traffic, while when one of my firewalls fails I would hope that it fails in such a way as to block all traffic.  It's an arduous task to facilitate these opposite approaches on a single platform...   cheers, .joe   #include  <disclaimer.h>   -----Original Message----- From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Tuesday, August 08, 2000 9:46 AM Subject: Re: issue with Nokia firewall / router... I agree that it is not the optimum configuration for performance reasons, nor that a properly configured router cannot add to the security of a network (in the same way that two firewalls are more secure than one).  But how, exactly, do you see this as a major security issue, with a properly configured firewall? J Weismann wrote: this is not a good idea from any point of view. It is a major security issue in and of itself. A good place to deploy checkpoint would always be BEHIND your only router. It develops another layer of security ( a fence if you will) to help keep those nasty ole baddies out... >From: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: issue with Nokia firewall / router... >Date: Tue, 8 Aug 2000 10:06:18 +0100 > >Hi, > >Is there any underlying issues with running Checkpoint Firewall-1 on a >Nokia IP330 which is also running as the only router to the internet? > >I understand that performance maybe impaired as its running as a router and >a firewall at the same time, yet do you know of any security issues? > >Simon