Firebox Set up - drop in or routed?

[churchco]

Can any one give the disadvantages of using the drop in mode for setting up a Firebox?

This is preferable, because it is much easier to maintain and understand - in this case I would give computers on the optional network a public IP number.

I have found the routed mode also introduces many complexities for communication between the trusted and optional network, with hosts not being easily accessible using domain names.

Any thoughts or suggestions appreciated.

 

[pankajchawla]

Use drop in if you have enough number of routable ip addresses because your internal servers wil have the routable ip aaddress. the disadvantage of doing this is that the servers will be directly accesible in the other case they will be behind nat(routed). the advantage of using this is that it will be tranparent to internal network if you are deploying the firewall for the first time i.e. existing setup.

In the routed mode the firewall will be doing NAT.

There should not be any problem in any of the senario if the FW is configured properly, chosing a setup depends on your requirement.

Regards
Pankaj

 

[AdminGreg]

Choosing wich setup to deploy really depends on what your environment requires.
Drop-in mode is used mainly when you need to use public IP addresses on the trusted and optional interfaces. You can still use private IP ranges by adding a secondary network to the interface (very easy to do).
Routed mode is my prefered way to go.

 

[pankajchawla]

Also if you setup in drop in mode you will need to understand the proxy ARP, because this is a hassle in some cases.