I've always read we should not configure dynamic routing protocols on Firewall. Why?
We can control routing updates using route filters and allow what updates should be allowed bet rouer/fw then what is the harm in configuring it.?
Can someone please justify with links to best practices for it from cisco/SANS etc.