RE: CISCO CENTRI FIREWALL

[Houser David DW <david.houser () zcswilm zeneca com>]

Cisco pulled the Centri product 3Q last year - Although they will continue
to support it until Aug 2001
It apparently infringed on their other product lines too closely.  

See http://www.cisco.com/warp/public/778/security/centri/786_pp.htm  for
more detail.

Most of the capability of the Centri product is reproduced in the Cisco IOS
Firewall product, which is simply an IOS Upgrade on a Cisco 1600 or 2500
series router to give added configurability.    Gives a Stateful Inspection
Packet Filter for various protocols, or more generically for TCP and UDP.
Can be used in conjunction with ACLs on the same box for added security.  

Comparing this to an Application Proxy firewall like Gauntlet may start a
religious war, so instead will apply standard questions.   What is the
nature of your business and how much security do you need (Risk Assessment),
what does your Site Policy call for (Policies defined by Mgmt), How much
resource do you expect to apply to the firewall, etc.    

As a rule of thumb,  I like the use of Stateful Inspec Pkt Filter for a
relatively trusted link, such as a 3rd party business partner (gives
accountability and manageability to the link without sacrificing speed),
while a full blown Applica Proxy is more appropriate for perimeter
protection to Public Network Access (Da Big "I").

DWH

> ----------
> From:         Colin Horsington[SMTP:c.horsington () aas com au]
> Sent:         Sunday, February 28, 1999 6:55 PM
> To:   'firewall-wizards () nfr net'
> Subject:      CISCO CENTRI FIREWALL
>
> Hi,
>
> Does anyone know what CISCO Centri Firewall (for NT 4.0) is like and how
> it
> may
> rate against gauntlet for BSD. Which is the better to implement as a
> firewall?
>
> Cheers
>
> C.horsington () aas com au