[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dynamic routing on firewalls.

Subject: Dynamic routing on firewalls.
From: eugen at imacandi.net (Eugeniu Patrascu)
Date: Thu, 5 Feb 2015 16:42:26 +0200
In-reply-to: <[email protected]>
References: <[email protected]>

On Thu, Feb 5, 2015 at 4:10 PM, David Jansen <david at nines.nl> wrote:

> Hi,
>
> We have used dynamic routing on firewall in the old days. We did
> experience several severe outages due to this setup (OSPF en Cisco). As you
> will understand iâ??m not eager to go back to this solution but I am curious
> about your point of views.
>
> Is it advisory to so these days?
>
>
Any specific firewall in mind? As this depends from vendor to vendor.

I've had some issues with OSPF and CheckPoint firewalls when the firewalls
would be overloaded and started dropping packets at the interface level
causing adjacencies to go down, but I solved this by using BGP instead and
the routing issues went away.

On Juniper things tend work OK.

Other than this, make sure you don't run into asymmetric routing as
connections might get dropped because the firewall does not know about them
or packets arrive out of order and the firewall cannot reassemble all of
them.

Follow-Ups:
- Dynamic routing on firewalls.
  - From: rps at maine.edu (Ray Soucy)
- Dynamic routing on firewalls.
  - From: david at nines.nl (David Jansen)
- Dynamic routing on firewalls.
  - From: ml at kenweb.org (ML)
- Dynamic routing on firewalls.
  - From: santiago.martinez.uk at gmail.com (santiago martinez)

References:
- Dynamic routing on firewalls.
  - From: david at nines.nl (David Jansen)

Prev by Date: Checkpoint IPS
Next by Date: Dynamic routing on firewalls.
Previous by thread: Dynamic routing on firewalls.
Next by thread: Dynamic routing on firewalls.
Index(es):
- Date
- Thread