- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
| Intro to UTM Testing | Testing categories | Product Summaries | Click tabs to expand |
|---|
Dynamic routing is the kind of feature required of any UTM firewall as a means of providing deployment flexibility.
We tested the OSPF-routing capabilities of the UTM devices in order to simulate the kind of multiple-exit network (two Internet gateways) that might be common in a large network.
However, we do need to note that dynamic routing might also be useful on the inside of a multiple-zone firewall for a growing network as it picks up new subnets around the globe. VPNs, likewise, are perfect places for dynamic routing to be used. As a large VPN grows, the burden of managing the list of networks at each point in the VPN can be high, and dynamic routing combined with VPNs can help to maintain reachability information on what networks are connected without making every single device reconfigure its VPN each time the network changes. When VPNs are combined with dynamic routing, a tight integration among firewall policy, VPN rules and dynamic routing is required.
|
Two vendors stood out for making dynamic routing especially easy: Juniper, in both the ISG-1000 and the SSG-520, and Nokia, in the IP290 with Nokia’s IPSO operating system and Check Point’s VPN-1 firewall. While Juniper doesn’t offer the full suite of routing capabilities available on its enterprise and carrier-class routers, the ScreenOS routing features in combination with its virtual routers within the firewall and easily manageable configurations will probably go way beyond what is needed in most UTM environments. Likewise, Nokia’s IPSO platform has long had a very strong routing base, that supports clustering and a broad range of protocols .
To stress the extended features in both Juniper and Nokia dynamic routing, we also added a Border Gateway Protocol session to our test devices and made sure that we could control the propagation of routes between OSPF and BGP.
Rss FeedRss Feed
what are the benefits of project management - Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comments (2)
RE: Cisco UTMBy Joel Snyder on November 17, 2007, 9:03 pmWell, a better question is: "what is in the PIX/ASA for dynamic routing?" The answer is "not very much." Cisco's current design for the ASA is not going into...
Reply | Read entire comment
RE: UTMs require routing for flexibility's sakeBy tom on November 15, 2007, 1:43 pmwhat was missing in cisco utm for routing support?
Reply | Read entire comment
View all comments