Using Firewalls for Policy Has Been a Disaster

Lindsay Hill comments on his blog:

Almost every SDN vendor today talks about policy, how they make it easy to express and enforce network policies. Cisco ACI, VMware NSX, Nuage Networks, OpenStack Congress, etc. This sounds fantastic. Who wouldn’t want a better, simpler way to get the network to apply the policies we want? But maybe it’s worth taking a look at how we manage policy today with firewalls, and why it doesn’t work.

Lindsay points out a great number of the issues with policy implementations as they exist today. Is policy flawed? Or have we perverted it by bolting it onto devices that shouldn’t have been running it in the first place?

Read more at: Using Firewalls for Policy Has Been a Disaster

About the author

Stephen Foskett

Stephen Foskett is an active participant in the world of enterprise information technology, currently focusing on enterprise storage, server virtualization, networking, and cloud computing. He organizes the popular Tech Field Day event series for Gestalt IT and runs Foskett Services. A long-time voice in the storage industry, Stephen has authored numerous articles for industry publications, and is a popular presenter at industry events. He can be found online and on Twitter at @SFoskett.
