My new ASDL provider sent me a ZyXEL Prestige 650R as ADSL modem.
By default this device is configured as bridge, which means that the WAN interface of the firewall gets an IP-address from the DHCP server of the provider based on the MAC-address of the interface.
In my opinion this is very good because it means that the interface that is 'visable' from the Internet is the firewall itself, so I'm very much in control about how to handle portscans, ping reqests ect.
In my opinion it should not be possible to 'see' the bridge from the Internet, so it should not be possible to abuse possible weaknesses in the bridge.
Now some people advice me to configure the ADSL modem as router. They say I'm more in control about how to handle traffic.
Personally I only see disadvantages: the router will be visable from the Internet and can be hacked when there are weaknesses.
A second disadvantage could be that I introduce an extra network, which is between the router and the firewall, which makes the complete system slower because an extra step of address translation should take place.
What is your opinion about this subject?
This thread was automatically locked due to age.
