[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec through firewalls (was re:INITIAL-CONTACT issues)

To: Henry Spencer <henry@spsystems.net>
Subject: Re: ipsec through firewalls (was re:INITIAL-CONTACT issues)
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Mon, 10 May 1999 11:11:26 -0400 (EDT)
Address: 1 Amherst St., Cambridge, MA 02139
CC: IP Security List <ipsec@lists.tislabs.com>
In-reply-to: Henry Spencer's message of Mon, 10 May 1999 10:20:03 -0400 (EDT),<Pine.BSI.3.91.990510101955.23998E-100000@spsystems.net>
Phone: (617) 253-8091
Sender: owner-ipsec@lists.tislabs.com


I will observe that for many companies, the group that wishes to run the
firewalls is typically anally challenged, and typically the rest of the
organization typically doesn't care about security except to resent the
group that runs the firewall.  

In that situation, it may very well make sense for the firewall and the
ipsec gateway to be (logically, if not physically) the same service, and
run by the firewall group.  Obviously, each company's politics and
technical issues will be different, but my guess would be that for many
such companies, the requirement to poke holes in the firewall may not be
an issue since the folks running the firewall will be the one installing
the IPSEC gateway ---- possibly by replacing their firewall with one of
those products which integrate the firewall and ipsec gatewaying
functionality into a single box.

						- Ted

References:

RE: ipsec through firewalls (was re:INITIAL-CONTACT issues)

From: Henry Spencer <henry@spsystems.net>

Prev by Date: RE: ipsec through firewalls (was re:INITIAL-CONTACT issues)
Next by Date: Re: ipsec through firewalls (was re:INITIAL-CONTACT issues)
Prev by thread: RE: ipsec through firewalls (was re:INITIAL-CONTACT issues)
Next by thread: Re: ipsec through firewalls (was re:INITIAL-CONTACT issues)
Index(es):
- Main
- Thread