-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/03/2014 10:07 PM, G B via smartos-discuss wrote: > This may be more of an educational issue for myself (and maybe others) > regarding fwadm. From what I've read it manages SmartOS firewall rules > which effectively makes it a firewall like ipfilter. If I'm incorrect > please correct me. > > If it is essentially a firewall replacement, then in what capacity would > it be of use, since I already have a firewall for my lan and dmz? If it > isn't a replacement firewall, then in what capacity would it be used? It's used as an alternative to physical firewalls when you can't control the ones that exist on the network. It is useful for providing your customer or other teams internally the ability to do Layer 3 security through automated mechanisms.
I like it versus a physical firewall because it knows the machines in my SmartDataCenter deployment and I can provide rules directly referencing specific machines or tags rather than IP addresses. This makes it a very flexible security zoning tool that allows security segmentation decoupled from network segmentation. Best, Alain -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJT3uEGAAoJEP0rIXJNjNSAyV0IALgKlEgKaJQxj95QnHcLoeV/ TDlOTvYd0YpxpxGSNdXLbz8mpJZfnEKrUg55bWgF0sibuD6oxAS3yyHPyVPjJ3q8 yFSLXVKs49paon0eosIJRJaO01uIFc2gDqWcLv7zxpHfm2Lyj5QeyMKTXJ32k+1e 5DjBOBVvWtuPb6KX0cLJX/Ctj/A2xFIlwfZndKJ2qJqcVinBOo5jn2+tmqoysVjU Hvak9vJH8P6apxbUIVEne0crVBhryW6Kbg1nQ/kPhNo2lwJO8+PORAza8BuwrLBX sZq4mzP5DftUnHvsPJt6iZ7t3wyCJnxUtEzPzGo3Ks8nuHwhZGzjZenv6ojlv+Q= =kS0z -----END PGP SIGNATURE----- ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
