Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..


From: "Bill McGee (bam)" <bam () cisco com>
Date: Mon, 26 Nov 2007 08:09:55 -0800

You're right that there has been a great deal of convergence and feature
parity development between PIX/ASA and the IOS and CatOS Firewalls.
This, again, is "on purpose." It's part of Cisco's position that
security and risk reduction are better when the disparate parts of your
security and network solutions work together.

A plan in progress (and yes, I've been here for ten years and am pretty
sure we have had, and continue to have a strategy) means that at any
moment in time you are only going to see what's available then. That's
why the positioning and messaging evolves over time. At one time, we had
two distinct solutions (later, three with the CatOS FWSM.) As the
firewall market matured and as we were able to add additional
intelligence into both the network and our security solutions, there was
a planned convergence between the various solutions, with the end game
being that any customer could select the solution (or more often,
combination of solutions) that was right for their organization, and
still have the same level of security combined with flexibility and
interoperability.

It's not quite the same thing, IMO, as just managing to not "screw it
up."

-----Original Message-----
From: Paul D. Robertson [mailto:paul () compuwar net] 
Sent: Monday, November 26, 2007 8:14 AM
To: Chris Blask
Cc: Firewall Wizards Security Mailing List; Paul Melson; Bill McGee (bam)
Subject: Re: [fw-wiz] Firewalls that generate new packets..

On Sun, 25 Nov 2007, Chris Blask wrote:

technical and marketing aspects of such things.  It is
therefore also quite defensibly true what Bill said: <sic>
"That is on purpose".

This is the part I have serious troubles with- "on purpose" implies that
it was a pre-planned, thought-out event, not that you just didn't screw
it up by not doing anything[1].  The code bases _started out differently_
for no reason other than the fact that the products were from different
companies, on two different platforms.  To paint that fact as if it were
some sort of strategic plan does the readers of this list a disservice.

PS - Paul R, my posts seem to again not be making the list,

The list is still moderated, it takes the moderator some time to get 
through the queue...

Paul
[1]  From what I recall when Cisco was repeatedly trying to get me to
buy in to the fact that PIX should be on my list of approved firewalls at
Gannett, one of the points they kept trying to make was that PIX was
getting more IOS features to make it easier for folks to deal with a
single interface- so it would seem to me that even the keeping them
apart wasn't necessarily a planned event.
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/
           Art: http://PaulDRobertson.imagekind.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

