Friday, March 12, 2021

Age-old question: Router or firewall first on the edge?

I know this is an old topic that has been discussed often, and the answer is usually "it depends". I was chatting with this guy today and he said if someone puts the router first they are a total dumbass and he won't talk to them any further. I felt a little awkward because I always put a router on the edge, so I stayed quiet and nodded sagely. I null route a bunch of stuff on the router like RFC 1918 and a bunch of other subnets that I don't like. I can also filter IKE and SSL traffic to the firewall so I don't have to scramble every time Cisco announces a new vulnerability (we're small so it's not hard). I guess you could do that with two firewalls though.

So anyway, is it as cut and dried as this guy seems to think? Just wondered what the consensus was these days. Maybe I'm behind the times.


