Full Disclosure mailing list archives

Re: PIX vs CheckPoint


From: Jeff Kell <jeff-kell () utc edu>
Date: Tue, 29 Jun 2004 23:01:52 -0400

Eric Paynter wrote:

> On Tue, June 29, 2004 4:57 pm, Gary E. Miller said:
>
>> I agree, except for one small problem. Don't you still have to delete
>> ALL the filter rules, and reenter them ALL to change the order of the
>> rules?
>
> I don't administer the PIX boxes, so I don't know the details of the
> interface. My statements were based on what the admins told me. However,
> isn't the beauty of any CLI app that you can do all your administration
> through simple scripts?

Sometimes it is an erase-and-redo operation, sometimes not; depends on the task you are trying to do and the software release. Someone earlier mentioned the PDM (PIX Device Manager) being a nightmare, but I find it to be absolutely wonderful for certain tasks. You don't want to use it for batch/bulk updates/configs, but it certainly has its strong points (especially current versions of PDM and PIX software).

And yes, PIX logs are extremely verbose <ahem>. Especially if you have it log URLs (which we aren't, but still get 5-10 gigs/day of logs).

Jeff
