-----Original Message-----
From: Fred Weston [mailto:Fred at daytonawan dot com]
Sent: Saturday, January 24, 2004 2:58 PM
To: Richard Morrell
Cc: Brandon Holland; 'fisch'; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Feature request which would make m0n0wall even better ;)

Richard Morrell wrote:

>Personally.... I think NTP on a firewall is pointless. You don't find
>Sonicwall, Watchguard, Checkpoint doing it. Any NAT'ing firewall will
>allow you to use any one of 30000 public NTP servers so what's the issue?

>You could argue that a larger network might benefit from the reduced
>Internet bandwidth with a local NTP server, but I agree that the amount
>of bandwidth is so minuscule that it's not a pressing issue.

Fred, you can't argue even THAT point, since not having an NTP server on your m0n0 doesn't restrict you from having one on your internal network somewhere - one that even grabs time from a tier 1 server in California for example.

As with what I wrote prior, it's more secure to use an internal NTP server than one sitting right there, directly connected on your firewall. The service "breaking" on your firewall could mean one of all kinds of lovely things. (Key possibilities being freezing, slowdowns or even being compromised.)

Case in point: You can still use an ntp, but don't put a non-essential service for firewall function on your firewall! Placing unneeded services on a firewall is just a bad idea.