Firewall Wizards mailing list archives

Re: Cisco IOS

From: Eric Vyncke <evyncke () cisco com>
Date: Tue, 12 Dec 2000 06:16:56 +0100

And IOS firewall is also much more strict on the TCP finite state
machine: checking all states and checking whether the sequence
number fits in expected sequence.

More logging and auditing are also provided

Regards

-eric

At 13:54 8/12/00 +1300, Robert Purdy (DSL AK) wrote:

Can anyone tell me what added features I get out of putting the Firewall IOS
on a 1600 over what I can do in ACLs?

For a B2B connection that does not have a requirement to be 100%
bullet-proof all the time, is a Firewall IOS really required?

Are there any holes in a ACL apart from the fact that there is an implicit
allow rather than deny if the ACL is not no the interface?

Thanks
Rob Purdy

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards


Eric Vyncke                        
Distinguished Engineer             Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke () cisco com          Mobile: +32-475-312.458
PGP Key available on request       MOBILE HAS CHANGED ON 11th November 2000


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Cisco IOS Robert Purdy (DSL AK) (Dec 09)
- <Possible follow-ups>
- Re: Cisco IOS Ryan Russell (Dec 10)
- Re: Cisco IOS Joe Dauncey (Dec 12)
- Cisco IOS Christopher J. Wargaski (Dec 12)
- Re: Cisco IOS Eric Vyncke (Dec 14)