Re: firewall ... Cisco

To: firewall38@lycos.com
Cc: debian <debian-firewall@lists.debian.org>
Subject: Re: firewall ... Cisco
From: Martin Berg <martin@default.nu>
Date: Tue, 18 Jun 2002 13:44:28 +0200
Message-id: <[🔎] 3D0F1D1C.9050207@default.nu>
References: <[🔎] LAIKNODMMFMFABAA@mailcity.com>

hi,
could you tell me what could we do with a firewall and not with a ciscocause i know a cisco can filter on ip on any protocol sowhere are the real advantages ...

I think the Cisco IOS firewall-release knows about some protocols, likeftp and such bastards, I've never seen it IRL)

A "real" firewall is suitable when you need to filter RPC services (likeNFS for example, it runs via portmap and high udp ports)and for FTP. It also keeps state for tcp by itself, it's not justlooking for the tcp-established flag.

My _personal_ opinion is that Cisco ACL works real fine and with goodthroughput. It's easy to build a fail-over environment with HSRP. (CiscoPIX is a interesting product if it fits in your environment with it'sdefault settings, but it could be a pain to administer otherwise)Computer based firewalls is like computers in common: the OS gets old,buffer overruns, you get nervous each time you about to shut it down orreboot.


Best regards

Martin


--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- RE: firewall ... Cisco
  - From: James <james@james-web.net>

References:
- firewall ... Cisco
  - From: "sim ton" <firewall38@lycos.com>

Prev by Date: firewall ... Cisco
Next by Date: ftp waiting
Previous by thread: firewall ... Cisco
Next by thread: RE: firewall ... Cisco
Index(es):
- Date
- Thread