Security concern in configuring dynamic Routing protocol on Firewall

Unanswered Question
Sep 18th, 2007
User Badges:


I've always read we should not configure dynamic routing protocols on Firewall. Why?

We can control routing updates using route filters and allow what updates should be allowed bet rouer/fw then what is the harm in configuring it.?

Can someone please justify with links to best practices for it from cisco/SANS etc.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Mon, 09/24/2007 - 15:58
User Badges:

Static routing provides the best security. Because If malicious / incorrect routing updates are injected into the PIX, then that

can affect overall operation of the PIX

yogendra.trivedi Tue, 09/25/2007 - 21:20
User Badges:

Agree with your reply and that is waht we have always followed for, But can you point me to some links on cisco/SANS site where this info is documented.




This Discussion