[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: firewall ... Cisco

could you tell me what could we do with a firewall and not with a cisco cause i know a cisco can filter on ip on any protocol so where are the real advantages ...

I think the Cisco IOS firewall-release knows about some protocols, like ftp and such bastards, I've never seen it IRL)

A "real" firewall is suitable when you need to filter RPC services (like NFS for example, it runs via portmap and high udp ports) and for FTP. It also keeps state for tcp by itself, it's not just looking for the tcp-established flag.

My _personal_ opinion is that Cisco ACL works real fine and with good throughput. It's easy to build a fail-over environment with HSRP. (Cisco PIX is a interesting product if it fits in your environment with it's default settings, but it could be a pain to administer otherwise) Computer based firewalls is like computers in common: the OS gets old, buffer overruns, you get nervous each time you about to shut it down or reboot.

Best regards


To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: