2007-09-18
BarryStiefel
Administrator
Re: Configuring routing protocol on FW

Quote:
Originally Posted by yogi_ccse View Post
Hi,
Why should one not configure dynamic routing protocols on FW? What is the harm?
Can anyone please justify this statement with links to some sites (Cisco, SANS, Check Point) which support this?

Reg.
YT

I recommend against having dynamic routing protocols on the Security Gateway for two reasons:

1. Many firewall problems are actually routing problems in disguise, so putting your dynamic routing on the same box as your Security Gateway makes it far more difficult to debug either of them.

2. By using dynamic routing, your Security Gateway has to trust the routing information updates it receives from other routers. This is a security risk; better to hard code them in as static routes.
__________________
Barry J. Stiefel ("Stee-ful")
CCSA/CCSE/CCSE+/CCSI
President, CPUG