9 Feb
2009
9 Feb
'09
8 p.m.
Mark Newton wrote:
On a commodity consumer CPE device, the ALG code doubles as a stateful inspection engine.
So it _is_ required when address translations are not being performed.
Hmmmm, the code may be there, but I suspect that not all of it will apply to v6 and be used.
Is security something that gets thought about now, or post-deployment?
I suspect that depends on who you ask. Security is always the top of my list. That being said, what security is there in removing NAT from v4 because it broke what the customer wanted to do? Then they are back to their host based stateful firewall; which apparently everyone believes is not good enough. Might as well throw in v6 and trash the NAT. Jack