Firewall Wizards mailing list archives
Re: Cisco IOS
From: Eric Vyncke <evyncke () cisco com>
Date: Tue, 12 Dec 2000 06:16:56 +0100
And IOS firewall is also much more strict on the TCP finite state machine: checking all states and checking whether the sequence number fits in expected sequence. More logging and auditing are also provided Regards -eric At 13:54 8/12/00 +1300, Robert Purdy (DSL AK) wrote:
Can anyone tell me what added features I get out of putting the Firewall IOS on a 1600 over what I can do in ACLs? For a B2B connection that does not have a requirement to be 100% bullet-proof all the time, is a Firewall IOS really required? Are there any holes in a ACL apart from the fact that there is an implicit allow rather than deny if the ACL is not no the interface? Thanks Rob Purdy _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Eric Vyncke Distinguished Engineer Cisco Systems EMEA Phone: +32-2-778.4677 Fax: +32-2-778.4300 E-mail: evyncke () cisco com Mobile: +32-475-312.458 PGP Key available on request MOBILE HAS CHANGED ON 11th November 2000 _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Cisco IOS Robert Purdy (DSL AK) (Dec 09)
- <Possible follow-ups>
- Re: Cisco IOS Ryan Russell (Dec 10)
- Re: Cisco IOS Joe Dauncey (Dec 12)
- Cisco IOS Christopher J. Wargaski (Dec 12)
- Re: Cisco IOS Eric Vyncke (Dec 14)