[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] basic security question- a little off topic
Donna, If your talking about internal default routes, I personally don't see the issue. I would suggest that you use an internal proxy and have your internal users talk to it. This can allow you to have a proxy and caching system to assist in security and bandwidth usage. In addition, by not having specific routes on each of your internal systems, you can make changes a little more easier, with having to make changes on all the clients. Your rulebase would potentially be smaller and hopefully more manageable. Robert - - Robert P. MacDonald, Network Engineer Team Lead, e-Business Infrastructure G o r d o n F o o d S e r v i c e Voice:email: [email protected] >>> <[email protected]> 11/17/00 11:52:21 AM >>> > >Hello all, > >I would be interested in your opinion about any security issues about >default routes. The issue has been raised here that we should not have a >default route pointing to the internet (thru a FW, of course). The >internet access should be handled with proxies at the FW level. I do not >see any issues, secuirty or otherwise, with a default route but am I >missing something? It seems without a default route I will have a lot of >headaches (similar to the one I have right now!) > >Thanks, >Donna ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|