Firewall Wizards mailing list archives

Re: Cisco IOS Firewall feature

From: Úlfur <ulfur () cybercable fr>
Date: Wed, 13 Sep 2000 23:27:27 +0200

I was only reacting to your '<20' max number of clients, which did sound a
little low.
Sure no router doing CBAC will handle up to '250,000 simultaneous
connections, 6500 connexions per second', even on drugs. From the security
perspective,  I don't see any main differences. One is a router and the
other is a dedicated firewall, which for many people is a big difference.
There are also all kinds of features that one has and the other doesn't and
vice-versa, but at the core, both are firewalls of the same type. If we
forget the performance problem, the better one is the one which you manage
to configure better. FFS is probably a bit more complicated to configure,
but then, PIX was built to be easy to configure.

----- Original Message -----
From: Daniel Howe <dhowe () cirsa com>
To: 'Úlfur' <ulfur () cybercable fr>; <firewall-wizards () nfr net>
Sent: Wednesday, September 13, 2000 8:37 AM
Subject: RE: [fw-wiz] Cisco IOS Firewall feature



ok, so FFS is avaliable for most of the Cisco routers. Then what are the
features that FFS is missing compare to the Cisco PIX product?

Daniel.

-----Mensaje original-----
De: Úlfur [mailto:ulfur () cybercable fr]
Enviado el: martes 12 de septiembre de 2000 17:50
Para: firewall-wizards () nfr net
Asunto: Re: [fw-wiz] Cisco IOS Firewall feature

Daniel,

The software running on the IOS Firewall Feature Set (FFS) is not the

same

as the PIX, the pix runs in machine code, it does not run IOS. I would

only

recommend the FFS if there is only to be a small number of clients behind
the Firewall, i.e. <20. I would look at using this solution for small
satellite offices where cost is an issue, otherwise use the PIX 506 as an
alternative small office Firewall.


Only 20 users ? I guess if all you have is a cisco 800, 20 users might be
pushing it but if you got something a bit more powerful, I'm sure it scales
up better than that. Last I read, outside the low-end stuff, CBAC is
supported on 3600, 7100 and 7200 series.

ulfur


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards



_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Current thread:

Cisco IOS Firewall feature Daniel Howe (Sep 07)
- <Possible follow-ups>
- RE: Cisco IOS Firewall feature Garrahan, Kelvin (Sep 07)
  - Re: Cisco IOS Firewall feature Úlfur (Sep 12)
- Re: Cisco IOS Firewall feature Úlfur (Sep 13)