Again...
Having a console server is indeed an option, but a pain in the neck when it comes to
changing configurations.
How about changing a policy that is shared by 100 firewalls? Making the changes via
the console will take quite a bit of time,
or very intelligent scripting :)
It costs me only 2 clicks with the mouse and all my bridged firewalls are updated no
matter where they are or whether they are
currently available.
(after changing 1 policy of course)
The real difference between routed and bridged firewalls is that bridged firewalls have
their interfaces in promiscuous mode and
therefore do not even show up in MAC tables, except for when management traffic is
going back and forth between the management
station and the firewall.
Bridged firewalls do not need subnet-based address assignment on their interfaces; you
can have 10 interfaces with technically
overlapping IP address ranges on all of them. An IP address that theoretically belongs to
range A, which is configured to be behind
interface 2, can be placed on interface 5, etc., adding huge flexibility in DMZ
creation, NATting, etc.
Similar situations will require vast/intelligent routing on a routed firewall. Link
redundancy without session loss is also
extremely easy to set up using a bridged firewall, as long as the redundant link's
traffic also passes through your firewall.
Another 2 cts.
Greetings,
Diederik
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
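The bridged-firewall layout Diederik describes (ports without IP addresses, a management address on the bridge itself, and a policy keyed on which port a frame arrived on rather than on subnets) as an added example on Linux. This is not code from the original message or from any product it refers to. It assumes a Linux host with nftables and the bridge netfilter family (conntrack on the bridge hooks needs kernel 5.3 or later), two hypothetical ports eth1/eth2, and made-up addresses throughout.

```shell
#!/bin/sh
# Added example: transparent (bridged) firewall on Linux, in the spirit of the
# post above. Not the poster's own setup. Assumptions (not from the original):
# ports eth1 and eth2 carry the protected traffic, bridge br0 carries the
# management IP, nftables with the bridge family is available (kernel 5.3+ for
# ct state on bridge hooks). All addresses are hypothetical.

MGMT_IP="192.168.100.2/24"     # management address on the bridge itself
MGMT_STATION="192.168.100.10"  # the station that pushes policy changes

# Build the bridge. The ports get no IP address at all; the kernel puts them
# into promiscuous mode automatically once they are enslaved to br0, so the
# only MAC the switches ever learn from this box is br0's, and only when
# management traffic flows. Requires root; not run by default.
setup_bridge() {
    ip link add name br0 type bridge
    for port in eth1 eth2; do
        ip addr flush dev "$port"
        ip link set "$port" master br0
        ip link set "$port" up
    done
    ip link set br0 up
    ip addr add "$MGMT_IP" dev br0
}

# Emit an nftables ruleset. The forward chain keys on iifname/oifname, i.e. on
# the physical port, not on an interface's subnet, so the same or overlapping
# IP ranges may sit behind any port and a host can be moved between ports
# without changing a single address or route. Management access to the
# bridge's own IP is filtered in the inet family, since that traffic is
# delivered locally to br0.
bridge_ruleset() {
    cat <<EOF
flush ruleset
table bridge filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # 10.0.0.5 currently lives behind eth2; it could equally be moved
        # to eth1 without renumbering anything
        iifname "eth1" oifname "eth2" ip daddr 10.0.0.5 tcp dport 443 accept
        iifname "eth2" oifname "eth1" ip saddr 10.0.0.5 udp dport 53 accept
    }
}
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
        ip saddr ${MGMT_STATION} tcp dport 22 accept
    }
}
EOF
}

# Number of forward rules keyed on a port name (used to sanity-check the
# generated policy without loading it).
count_port_rules() {
    bridge_ruleset | grep -c 'iifname'
}

# Usage: ./bridge-fw.sh apply   (as root) builds br0 and loads the ruleset.
if [ "${1:-}" = "apply" ]; then
    setup_bridge
    bridge_ruleset | nft -f -
fi
```

Running the script without arguments only defines the functions; `apply` builds the bridge and loads the policy. Because the forward rules never mention a subnet per port, the "overlapping ranges on several interfaces" situation from the post needs no routing at all here: where a host sits is decided by which port its frames come in on.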