Firewall administrators are concerned with where the encryption takes place within a packet. If a firewall makes decisions based on the information within a packet and that information is encrypted, the firewall cannot tell whether the packet is valid. Some administrators require that packets be decrypted at the firewall so that it can make a decision before passing them on. The PIX offers this capability. Other administrators have been forced to allow encrypted packets into their networks, leaving all security to the sending and receiving encrypting devices.