You would be better off firewalling various portions of your network vs. having two devices with essentially the same rule set in series.
As an example the GTA running your servers on the PSN, your internal office on the private, then a secondary firewall say keeping HR walled off from other users who might want to get into their machines. The benefit of the wall in series method is if your outer-most firewall is exploited, then you still have a line of defense. The downside though is the hacker who owns your outer-most wall now has the best place in the world to monitor your traffic. Gus -----Original Message----- From: Christopher A. Congdon [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 22, 2004 6:47 PM To: GNATBOX-Users Subject: RE: [gb-users] RE: [SPAM] - [gb-users] GB-1000 and ISA - Email found in subject > If the GB is just forwarding all traffic to another device, why bother > having it there at all? > It is my understanding that in the security industry, some people think the best defense is a double-layered firewall solution. ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/ ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/
