Firewall Wizards mailing list archives

Re: Cisco 2621 opinions

From: Carson Gaspar <carson () taltos org>
Date: Tue, 16 Jul 2002 16:48:23 -0400

--On Tuesday, July 16, 2002 1:29 PM -0400 Brian Ford <brford () cisco com>wrote:

The
IOS Firewall is completely Stateful for TCP; builds state for UDP
connections; offers all the IOS ACLs (Standard, Extended, Reflexive,
Dynamic and Time of Day); as well as ICMP filtering.  You have extensive
IOS Syslog capabilities.  You have access to all the IOS QOS mechanisms.

Please define "completely stateful". Does it do sequence numberverification? If so, does it use a fixed window or spy on the TCP windownegotiations? Does it handle window scaling?

"extensive IOS syslog capabilities" - that would be to send unencrypted,unsigned traffic via lossy UDP, right? Or has something been added that Idon't know about? I know the PIX can do TCP, but last I checked IOScouldn't, and neither encrypts or signs. (And please don't mention IPSECtunnels ;-)


--
Carson

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Cisco 2621 opinions, (continued)
- - - Re: Cisco 2621 opinions Charles W. Swiger (Jul 15)
    - Re: Cisco 2621 opinions Patrick M. Hausen (Jul 16)
- Re: Cisco 2621 opinions Patrick Darden (Jul 15)
- RE: Cisco 2621 opinions Henry Sieff (Jul 13)
- RE: Cisco 2621 opinions Kent, Ashley (Jul 15)
- RE: Cisco 2621 opinions Brian Ford (Jul 15)
- RE: Cisco 2621 opinions Iannaccone, Al (Jul 15)
- Re: Cisco 2621 opinions Patrick Darden (Jul 15)
- Re: Cisco 2621 opinions Brian Ford (Jul 16)
  - Re: Cisco 2621 opinions Patrick Darden (Jul 16)
  - Re: Cisco 2621 opinions Carson Gaspar (Jul 16)