Firewall Wizards mailing list archives
Re: Cisco 2621 opinions
From: Carson Gaspar <carson () taltos org>
Date: Tue, 16 Jul 2002 16:48:23 -0400
--On Tuesday, July 16, 2002 1:29 PM -0400 Brian Ford <brford () cisco com> wrote:
The IOS Firewall is completely Stateful for TCP; builds state for UDP connections; offers all the IOS ACLs (Standard, Extended, Reflexive, Dynamic and Time of Day); as well as ICMP filtering. You have extensive IOS Syslog capabilities. You have access to all the IOS QOS mechanisms.
Please define "completely stateful". Does it do sequence number verification? If so, does it use a fixed window or spy on the TCP window negotiations? Does it handle window scaling?
"extensive IOS syslog capabilities" - that would be to send unencrypted, unsigned traffic via lossy UDP, right? Or has something been added that I don't know about? I know the PIX can do TCP, but last I checked IOS couldn't, and neither encrypts or signs. (And please don't mention IPSEC tunnels ;-)
-- Carson _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Cisco 2621 opinions, (continued)
- Re: Cisco 2621 opinions Charles W. Swiger (Jul 15)
- Re: Cisco 2621 opinions Patrick M. Hausen (Jul 16)
- Re: Cisco 2621 opinions Patrick Darden (Jul 15)
- RE: Cisco 2621 opinions Henry Sieff (Jul 13)
- RE: Cisco 2621 opinions Kent, Ashley (Jul 15)
- RE: Cisco 2621 opinions Brian Ford (Jul 15)
- RE: Cisco 2621 opinions Iannaccone, Al (Jul 15)
- Re: Cisco 2621 opinions Patrick Darden (Jul 15)
- Re: Cisco 2621 opinions Brian Ford (Jul 16)
- Re: Cisco 2621 opinions Patrick Darden (Jul 16)
- Re: Cisco 2621 opinions Carson Gaspar (Jul 16)