Firewall Wizards mailing list archives

Cisco IOS

From: cjw () rmsbus com (Christopher J. Wargaski)
Date: Sat, 9 Dec 2000 23:07:51 -0600 (CST)

Folks--

On Fri, 8 Dec 2000, Robert Purdy (DSL AK) wrote:

Can anyone tell me what added features I get out of putting the Firewall IOS
on a 1600 over what I can do in ACLs?


Sure.  With ACLs, even reflexive ones, you have to leave TCP ports above
1023 wide open if you want to support non-PASV FTP.  With the firewall
feature set, it snoops out the port command, and opens just the one port
back.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/index.htm

It's also supposed to do some IDS stuff, but I haven't looked at it.
Supposed to have better logging, too.

 
   The Firewall IOS can inspect the data in some of the well known
applications (SMTP, HTTP, FTP, etc) for proper commands. This will
allow you to stop the goofs thinking they are sneaky by having 
inetd listen on port 25 on their UNIX box so they can telnet through
the filtering router.

                                        cjw


Christopher J. Wargaski
RMS
Information Technology Integrators
cjw () rmsbus com
(847) 215-1661, ext. 223

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Cisco IOS Robert Purdy (DSL AK) (Dec 09)
- <Possible follow-ups>
- Re: Cisco IOS Ryan Russell (Dec 10)
- Re: Cisco IOS Joe Dauncey (Dec 12)
- Cisco IOS Christopher J. Wargaski (Dec 12)
- Re: Cisco IOS Eric Vyncke (Dec 14)