Firewall Wizards mailing list archives
Re: Any reason not to use PIX ?
From: "Bill Pennington" <bpennington () lucidnetworks com>
Date: Tue, 7 Dec 1999 22:30:41 -0800
I love the Pix firewall. It is very easy to setup and maintain especially if you already know IOS. They have some new GUI software for config and monitoring that runs on NT. It is supposed to be pretty good although I have not used it. It takes about 10 minutes to setup then you can just forget about it. Just monitor the logs (get Webtrends for Firewalls and VPNs) and you are done. One thing to note the Pix works best if you use NAT, non-NATed configs can be a pain in the rear from my experience but it could be that I have only run into one of them and was kinda freaked :-) On the other hand NT can be made pretty secure if you know what you are doing so I would not dismiss it completely, just almost completely :-) Hope that helps, let me know if you have any more questions. Bill Pennington Consultant Lucid NetworX ----- Original Message ----- From: Gledson Pompeu Correa Da Costa <GledsonPC () TCU gov br> To: <firewall-wizards () nfr net> Sent: Tuesday, December 07, 1999 10:23 AM Subject: Any reason not to use PIX ?
Hi there, I'm a long time reader of the list, and finally have a question to submit to all gurus out there. The explanation is a bit long, but I hope
it
serves well the purpose of presenting the case. The situation: We have a strictly NT based network running intranet, internet and extranet (public services) out of IIS servers, and our Internet connection is currently protected by two Free-BSD machines - one for proxying general connections in and out of our internal net, and one for serving web pages out of our IIS servers through reverse proxy. The problem: Our general knowledge of Unix is low: in a support team of 10, 2 have a small experience and only 1 is somewhat knowledgeable in the
platform
(somewhat knowledgeable meaning installs the system and does the
recommended
tweaking mostly following scripts and how-to's). As you know, if you have only 1 person who knows a critical job, you're in trouble... Besides that, our training budget is low, so we must focus on technologies that support our core business (like NT and Oracle). So, we wish to establish a new firewall system that is not based on any variant of Unix. On the other hand, we are not confortable to place a firewall running on NT due to the frequency it gets bashed by hacker
groups
to find new exploits. The question (finally): Since Unix and NT are out, we are considering placing a Cisco PIX-515 at the core of our firewall, together with two Cisco choke routers to manage the inside and outside connections. The reasons for the choice are: 1 - It runs on a distinct platform from NT and Unix (IOS) 2 - In our team of 10, 9 are already trained in IOS (at various levels) 3 - We consider it to be a secure platform SO, is there any reason not to use PIX (like major holes or other problems with the product) ? Are there better alternatives in the "black box" division ? Thanks in advance for all your answers. Sincerely yours, Gledson Pompeu TCU / SEINF / SENET Internet Service Manager "Smart people talk about ideas; Common people talk about facts; Mediocre people talk about people"
Current thread:
- Any reason not to use PIX ? Gledson Pompeu Correa Da Costa (Dec 07)
- Re: Any reason not to use PIX ? Bill Pennington (Dec 08)
- Re: Any reason not to use PIX ? Albert Hopkins (Dec 10)
- Re: Any reason not to use PIX ? Lorens Kockum (Dec 08)
- Re: Any reason not to use PIX ? Brad Van Orden (Dec 08)
- Re: Any reason not to use PIX ? S. Jonah Pressman (Dec 08)
- <Possible follow-ups>
- Re: Any reason not to use PIX ? ark (Dec 08)
- Re: Any reason not to use PIX ? Matthew J. Wolf (Dec 10)
- Re: Any reason not to use PIX ? Bill Pennington (Dec 08)