| | | | | | | | |
|
|
|
You're here: Home |
> Craig A. Huegen wrote: > ...keep in mind that this breaks stateful > firewalling too, Not if the return traffic is backhauled to the firewall that originally let it in. Then there is no need for firewall state shared all across the network. /me runs This involves dirty hacks including double NAT in back of the firewall. These are desperate measures but one can go a long way to avoid paying three times for transit. > unless state is shared across the entire network Sometimes it's not even possible due to firewall limitations and other annoyances. Note that I'm not saying this is good, but again if the alternative is paying three times more.... > (which is pretty significant when you're talking about > passing and replicating messages for every single > connection out of the network). No argument here. Michel.
