Re: firewall ... Cisco
Hi,
could you tell me what we could do with a firewall and not with a Cisco,
because I know a Cisco can filter on IP on any protocol, so
where are the real advantages ...
(I think the Cisco IOS firewall release knows about some protocols, like
FTP and such bastards; I've never seen it IRL.)
A "real" firewall is suitable when you need to filter RPC services (like
NFS, for example; it runs via portmap and high UDP ports)
and for FTP. It also keeps state for TCP by itself; it's not just
looking for the tcp-established flag.
My _personal_ opinion is that Cisco ACLs work really well and with good
throughput. It's easy to build a fail-over environment with HSRP. (Cisco
PIX is an interesting product if it fits in your environment with its
default settings, but it could be a pain to administer otherwise.)
Computer-based firewalls are like computers in general: the OS gets old,
buffer overruns, you get nervous each time you are about to shut it down or
reboot.
Best regards
Martin
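
Added example, not part of the original message: a small Python model of the difference the reply describes between matching on the TCP "established" condition and keeping per-connection state. It assumes the stateless rule permits inbound segments with ACK or RST set; the addresses, ports, packets and function names are constructed for illustration.

```python
from collections import namedtuple

# direction: "out" = inside host to outside, "in" = outside to inside
Packet = namedtuple("Packet", "src sport dst dport flags direction")

INSIDE = "10.0.0.5"     # constructed inside host
OUTSIDE = "192.0.2.10"  # constructed outside host (documentation range)

def stateless_established(pkt):
    """Stateless rule: permit outbound; permit inbound only if ACK or RST is set."""
    if pkt.direction == "out":
        return True
    return bool({"ACK", "RST"} & set(pkt.flags))

class StatefulFilter:
    """Permit inbound only for connections that an inside host opened."""
    def __init__(self):
        self.conns = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def check(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == ("SYN",):
                self.conns.add(key)      # new outbound connection: remember it
            allowed = True               # outbound is always permitted in this model
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            allowed = key in self.conns  # inbound must match a tracked connection
        if "RST" in pkt.flags:
            self.conns.discard(key)      # a reset ends the tracked connection
        return allowed

# Constructed sample traffic, not captured packets.
SAMPLE = [
    Packet(INSIDE, 40000, OUTSIDE, 80, ("SYN",), "out"),       # inside opens a connection
    Packet(OUTSIDE, 80, INSIDE, 40000, ("SYN", "ACK"), "in"),  # legitimate reply
    Packet(INSIDE, 40000, OUTSIDE, 80, ("ACK",), "out"),       # handshake completes
    Packet(OUTSIDE, 80, INSIDE, 22, ("ACK",), "in"),           # ACK for no known connection
    Packet(OUTSIDE, 5555, INSIDE, 22, ("SYN",), "in"),         # inbound connection attempt
]

def compare(packets):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_established(p), fw.check(p)) for p in packets]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(pkt.direction, pkt.flags, "stateless:", stateless, "stateful:", stateful)
```

The fourth packet is the case that separates the two filters: it carries ACK, so the flag-based rule permits it, while the stateful filter drops it because no inside host opened that connection.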