From: Rodgers Moore (rodgers@xxxxxxxxxxxxxx)
Date: Mon Oct 15 2001 - 00:39:42 GMT-3
I think this is a semantic distinction. Cisco characterizes the LocalDirector
as a bridge, but obviously it functions at much higher layers. If Cisco says that
the PIX is NOT a router, then what is it? A bridge that can do NAT and
routing? Seriously, stateful inspection firewalling requires the underlying
system to be a promiscuous-mode bridge; that way every packet gets inspected so
certain functionality can be implemented.
Firewalling purely at layer 2 is nothing but port security on a Catalyst
switch. Really good firewalls allow configuration of allowed/denied MAC
addresses.
Please don't tell me it was a security consultant that said this... All the
world needs is another half-baked consultant. :))
Rodgers Moore, CCIE #8153, CCNP-Security, CCDP
Design and Security Consultant
louie kouncar wrote:
> All,
>
> I have been working with Check Point firewalls for a while, and just today I
> heard a guy say that there is a kind of firewall that is a layer 2 device.
> Can anyone comment on that please?
>
> Thank you
>
> Louie J. Kouncar CCIE #7994
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:19 GMT-3