On Nov 21, 2013, at 4:21 AM, Cliff Bowles <cliff.bowles@apollogrp.edu> wrote:
Finally, if you tried one of the options and it was terrible, please explain.
They're all terrible, heh. Get the firewalls out of the picture: <https://app.box.com/s/a3oqqlgwe15j8svojvzl> Stateful firewalls should not be placed in front of servers, and should not be interposed between eBGP peers. Whatever access policies are necessary should be expressed in stateless ACLs, as there's no point in putting a stateful inspection device in front of a server which receives unsolicited communications, and many reasons for not doing so. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton