24 Jun
2019
24 Jun
'19
10:58 p.m.
Hi All We have a few CCR1072's as our border routers, core routers and PE routers. They are pure routers (OSPF, BGP, Routing) with no NAT, Mangle, etc. They just route packets around on public IPs. We're providing internet services to our customers and our IaaS environment. In this scenario it makes sense to me that we would disable connection tracking. Extra over head with no real value? However, once you turn this of you lose the ability to use Established/Related rules in your firewall input chain, making DNS/upgrading/NTP etc a bit of a pain since return packets are dropped. So, I'm curious, are others using CCR's in these scenarios? Do you have connection tracking on or off? Why? Shane