Donna,
If your talking about internal default routes, I
personally don't see the issue. I would suggest
that you use an internal proxy and have your
internal users talk to it. This can allow you to
have a proxy and caching system to assist
in security and bandwidth usage.
In addition, by not having specific routes on
each of your internal systems, you can make
changes a little more easier, with having to
make changes on all the clients. Your rulebase
would potentially be smaller and hopefully more
manageable.
Robert
- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> <[EMAIL PROTECTED]> 11/17/00 11:52:21 AM >>>
>
>Hello all,
>
>I would be interested in your opinion about any security issues about
>default routes. The issue has been raised here that we should not have a
>default route pointing to the internet (thru a FW, of course). The
>internet access should be handled with proxies at the FW level. I do not
>see any issues, secuirty or otherwise, with a default route but am I
>missing something? It seems without a default route I will have a lot of
>headaches (similar to the one I have right now!)
>
>Thanks,
>Donna
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
