I agree with you, Jeff. The firewall offers much better security than the ACLs in that it can allow or deny traffic up to the application layer of the OSI. I think the firewall is more flexible in meeting the security requirements of most organizations looking to manage applications and services such as web, email, etc. Some will argue that Cisco allows for application-layer filtering (thru ACL 100-199), but how well can the administrator determine such factors as when (time of day) and what sites to deny/allow access to? Also, with CkPts’ stateful inspection technology, the firewall is best capable of managing networks with high traffic volumes and thus would serve as the better choice for a gateway security mechanism.
-CJ
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Barber, Jeff @ CKE
Sent: Tuesday, May 07, 2002 12:53 PM
To: [email protected]
Subject: [FW-1] VPN vs Firewall - Your Thoughts
Hey All
I am having some mixed thoughts on the difference between a VPN and a Firewall.
A VPN allows for encrypted traffic to and from 2 or more points. A Firewall protects networks by allowing or denying packets.
If I have a CISCO to CISCO VPN that does NOT go through a Firewall before entering the internal network, am I secure?
Some will argue that VPN devices such as CISCO can act as firewalls by adding ACL's. My stance is that anything entering into the internal network should go thru my CHECKPOINT Firewalls.
Looking for your professional thoughts and opinions.
J. Barber - ccse,scsa
Information Technology
When I see the sea once more, would the sea have seen or not seen me?