[Mip6-firewall] HA Firewall BCP draft
Yaron Sheffer
yaronf at checkpoint.com
Sun Jul 1 07:00:04 EDT 2007
Many (most?) people implement a VPN in one box with a firewall. IPsec
VPN are required *by the standard* to perform packet filtering on the
encapsulated traffic, and not just by IP address, also by
protocols/ports etc. See RFC 4301.
Thanks,
Yaron
QIU Ying wrote:
> Hi, Gabor,
>
> From: <Gabor.Bajko at nokia.com>
>
>> Do we want to talk in the draft about the relation between fw rules and
>> ipsec policies?
>>
>
> It is true that some people look VPN as firewall. But a VPN firewall is too
> heavy and can only filter packets based on IP addresses.
>
> regards
> Qiu Ying
>
>
>
>
> ------------ Institute For Infocomm Research - Disclaimer -------------This email is confidential and may be privileged. If you are not the intended recipient, please delete it and notify us immediately. Please do not copy or use it for any purpose, or disclose its contents to any other person. Thank you.--------------------------------------------------------
> _______________________________________________
> Mip6-firewall mailing list
> Mip6-firewall at zeke.ecotroph.net
> https://zeke.ecotroph.net/mailman/listinfo/mip6-firewall
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://zeke.ecotroph.net/pipermail/mip6-firewall/attachments/20070701/cee474ff/attachment.html
More information about the Mip6-firewall
mailing list