Sorry I didn't see Melinda's response. Maybe because I am not subscribed in opsawg.
> Would you mind elaborating on the kind of features that you're referring to? Vendors have multiple. Some are: - File inspection, Application visibility and control - TLS proxying - IPS - Malware protection - DNS blackholing - Botnet protection, similar to reputation filtering - Web protection and filtering - behavioral analysis, event correlation - Vulnerability analysis - Traffic control (policing etc) - Threat protection (top talkers, DoS etc) Firewalls and their managements platforms have so many functions nowadays especially with so many vendors, that it is very tough to account for them in one document I think. > Please check many discussions in IETF circles. Many deem firewalls as evil. Could be, I wasn't aware. The industry doesn't seem to do so. Maybe the draft serves to address some concerns of the IETF community. Panos -----Original Message----- From: Fernando Gont [mailto:[email protected]] Sent: Thursday, September 17, 2015 8:31 PM To: Panos Kampanakis (pkampana); [email protected] Cc: '[email protected]' Subject: Re: [OPSEC] "On Firewalls in Internet Security" (Fwd: New Version Notification for draft-gont-opsawg-firewalls-analysis-00.txt) Hi, Panos, Thanks so much for your feedback! Please find some responses in-line (more coming...) On 09/17/2015 02:10 AM, Panos Kampanakis (pkampana) wrote: > > I am struggling to understand the gap this draft fills. Please see Melinda's comments... > Finally, with all the "NGFW" products and features out there that > section 4 could include many more kinds of fws. Same for section 5. Would you mind elaborating on the kind of features that you're referring to? > In general, I think that the draft covers legacy firewalls mostly, not > all the modern fw features that exist today and I am not sure if it > tries to convince readers about their need (because I don't think in > today's world firewalling functionality can be rejected as unnecessary > by anyone) Please check many discussions in IETF circles. Many deem firewalls as evil. Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
