There is one reason that does not apply though: to have a different set
of bugs/exploits (independent vulnerability set?).
:)
I could not resist.
-Carlos
Dan Shechter @ 14/08/2012 08:06 -0300 dixit:
> Jeremy,
>
> The same reasons for cascading physical firewalls apply to cascading
> logical (contexts) firewalls.
>
> For example:
>
> - Two different departments need to control access, so only if both
> firewalls permit the packets then the traffic will flow. Much like using
> dual locks.
> - To protect from human configuration errors, firewalls are cascaded and
> policy must be configured twice to allow traffic through.
> - One firewall to connect the whole network to the internet, and several
> other firewalls to protect each subnetwork, which is a combination of the
> two above.
> - Fun at CCIE lab... ;)
>
>
> HTH,
> Dan #13685 (RS/Sec/SP)
> The CCIE troubleshooting blog: http://dans-net.com
> Bring order to your Private VLAN network: http://marathon-networks.com
>
>
>
> On Tue, Aug 14, 2012 at 8:15 AM, jeremy co <jeremy.cool14_at_gmail.com> wrote:
>
>> Hi,
>>
>> I'm just wondering if someone can guide me on whether any real-world
>> implementation of cascaded context has been deployed, or any reason for
>> going through such complexity.
>>
>>
>> Thanks
>>
>> Jeremy
>>
>>
>> Blogs and organic groups at http://www.ccie.net
--
Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina

Received on Tue Aug 14 2012 - 08:15:10 ART