> > I believe the primary purpose of firewalls should be to protect the > > network, not the hosts, from abusive or unauthorized usage. > > So for every firewall you purchase and install, you can focus its > configuration and operation on protecting the network from your users. I > trust you agree that it's appropriate for the rest of the world to be > free to make similar decisions in what they choose to be their own > perceived best interest?
we're talking about different things. I'm talking about architecture and specifically what separation of function/responsibility between firewalls and the network would allow both security and flexibility to be maximized. you're talking about decisions that people make between products that work with (or against) the existing architecture.
