RE: Comparisons between Router ACLs and Firewalls

["Bill James" <bubbagates () comcast net>]

I guess what I am saying is it basically boils down to the hardware the
said ACL and Firewall is running on

 
Bill James

The objective of all dedicated employees should be to thoroughly analyze
all situations, anticipate all problems prior to their occurrence, have
answers for these problems, and move swiftly to solve these problems
when called upon.

However, When you are up to your ass in alligators it is difficult to
remind yourself your initial objective was to drain the swamp.
 

> -----Original Message-----
> From: Marcus J. Ranum [mailto:mjr () ranum com] 
> Sent: Saturday, January 03, 2004 5:42 PM
> To: Bill James; 'David Pick'
> Cc: firewall-wizards () honor icsalabs com
> Subject: RE: [fw-wiz] Comparisons between Router ACLs and Firewalls 
>
> Bill James wrote:
> > The problem with using ACL's is the load they can add to a 
> router. Most 
> > of Cisco's newer IOS' have IP Inspection and do OK but can add a 
> > tremendous load on the router.
>
> I've never found any good studies of ACL performance. Do you 
> have any references you can point us to?
>
> mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards