On Tue, 16 Apr 2002, Mikael Olsson wrote:

> Hey, no argument from me. I just thought I'd attempt to

That's a first! ;)

> Interesting. Of course, if one assumes "properly built and properly
> configured", I guess it doesn't apply, but it does raise the question
> of an only-moderately-clued admin forgetting about these issues and
> if the firewall can end up passing VLAN tagged packets (or cisco/3com
> proprietary VLAN stuff -- argh) to switches and stuff on the inside
> that were never really configured to deal with it on the assumption
> that "they're protected".
>
> Again: interesting.

Especially when one considers "I can build a bridge with Linux/FreeBSD and get the same type of..." stuff (yes, you can, no it's not simple.)

I guess the other thing I was interested in bringing up is that having layer three devices before and after bridge mode devices is often a very good thing from a protection standpoint, which may negate one of the "reasons" people generally use for deploying them, but shouldn't be dismissed out of hand.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
