>>By the Way, are there any other Firewalls that support BGP natively?
>Well, any unix based firewall can do BGP4, so long as you can compile and
>run gated which supports BGP4. Of course, I would not recommend running a
>routing protocol on a firewall. What if you can convince the firewall that
>an Internal machine is only reachable by an external interface? Then you
>can spoof that address and cause all kinds of havoc.
BGP is not a routing protocol you want to run on a fw. Many sites will be
faced with upgrading their Internet connection to T3 speeds. This alone will
push conventional fw's to the limit. Adding BGP processing to this is asking
for a potential nightmare. Good rule of thumb: let your routers do your
routing; it's what they're built for.
R. Todd Truitt ttruitt @
Systems Engineer Security, Availability and Management
Cisco Systems, Inc. 303.220.6164