Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: "Paul D. Robertson" <paul () compuwar net>
Date: Mon, 26 Nov 2007 13:49:21 -0500 (EST)
On Mon, 26 Nov 2007, Bill McGee (bam) wrote:
I'm probably going to throttle this thread after this, because it's getting into semantics and marketing...
You're right that there has been a great deal of convergence and feature parity development between PIX/ASA and the IOS and CatOS Firewalls. This, again, is "on purpose." It's part of Cisco's position that security and risk reduction are better when the disparate parts of your security and network solutions work together.
But to say they're *different* due to some magic strategy is still disingenuous, they're different because _they were different at the start_, not because Cisco suddenly had some great epiphany to create a security product on a new platform with a new codebase so that their customers could feel secure that a bug in their screening router wouldn't affect their firewall. It was also Cisco's position at one point that IOS uber alles should be the mantra- I remember early on saying something along the lines of "I wouldn't buy a PIX because they're flawed, but moving them to IOS is going to make me even less likely to buy any of them since I'm using IOS on my screening routers and providing the same codebase in every portion of my security infrastructure is stupid." *That* would have been screwing it up. The fact that the "let's screw it up" plan didn't happen is good, but it's not the same as designing two very different products from the start.
A plan in progress (and yes, I've been here for ten years and am pretty sure we have had, and continue to have a strategy) means that at any moment in time you are only going to see what's available then. That's why the positioning and messaging evolves over time. At one time, we had
Yes, but your current "positioning message" appears to be "We made two different products and kept them separate..." not "We started with two different products and didn't merge them..."
It's not quite the same thing, IMO, as just managing to not "screw it up."
You start with an apple you bought from a friend and an orange you grew in your garden, you at some point decide to proclaim that you shall turn the apple into an orange, then decide not to. You then proclaim that you made the apple and orange different on purpose. That's how your "positioning message" came across to me and to a large number of readers on this list- couple (*cough*) that with a term like "positioning statement" and then ask us what "position" we think a vendor's thinking their customer is in when they use that term.
It was 50/50 if I should have approved the original message because it's mostly marketing fluff. I get a fair number of questions about approving marginal messages when I do so- this thread's about run its course, seems like you're sticking with your position and I'm sticking with mine- so we'll just have to agree to differ.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards