Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: "Bill McGee (bam)" <bam () cisco com>
Date: Mon, 26 Nov 2007 08:09:55 -0800
You're right that there has been a great deal of convergence and feature parity development between PIX/ASA and the IOS and CatOS Firewalls. This, again, is "on purpose." It's part of Cisco's position that security and risk reduction are better when the disparate parts of your security and network solutions work together. A plan in progress (and yes, I've been here for ten years and am pretty sure we have had, and continue to have a strategy) means that at any moment in time you are only going to see what's available then. That's why the positioning and messaging evolves over time. At one time, we had two distinct solutions (later, three with the CatOS FWSM.) As the firewall market matured and as we were able to add additional intelligence into both the network and our security solutions, there was a planned convergence between the various solutions, with the end game being that any customer could select the solution (or more often, combination of solutions) that was right for their organization, and still have the same level of security combined with flexibility and interoperability. It's not quite the same thing, IMO, as just managing to not "screw it up." -----Original Message----- From: Paul D. Robertson [mailto:paul () compuwar net] Sent: Monday, November 26, 2007 8:14 AM To: Chris Blask Cc: Firewall Wizards Security Mailing List; Paul Melson; Bill McGee (bam) Subject: Re: [fw-wiz] Firewalls that generate new packets.. On Sun, 25 Nov 2007, Chris Blask wrote:
technical and marketing aspects of such things. It is therefore also quite defensibly true what Bill said: <sic> "That is on purpose".
This is the part I have serious troubles with- "on purpose" implies that it was a pre-planned, thought-out event, not that you just didn't screw it up by not doing anything[1]. The code bases _started out differently_ for no reason other than the fact that the products were from different companies, on two different platforms. To paint that fact as if it were some sort of strategic plan does the readers of this list a disservice.
PS - Paul R, my posts seem to again not be making the list,
The list is still moderated, it takes the moderator some time to get through the queue... Paul [1] From what I recall when Cisco was repeatedly trying to get me to buy in to the fact that PIX should be on my list of approved firewalls at Gannett, one of the points they kept trying to make was that PIX was getting more IOS features to make it easier for folks to deal with a single interface- so it would seem to me that even the keeping them apart wasn't necessarily a planned event. ------------------------------------------------------------------------ ----- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." http://www.fluiditgroup.com/blog/pdr/ Art: http://PaulDRobertson.imagekind.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewalls that generate new packets.., (continued)
- Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
- Re: Firewalls that generate new packets.. Patrick M. Hausen (Nov 28)
- Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
- Re: Firewalls that generate new packets.. Patrick M. Hausen (Nov 29)
- Re: Firewalls that generate new packets.. lordchariot (Nov 29)
- Re: Firewalls that generate new packets.. Cat Okita (Nov 26)
- Re: Firewalls that generate new packets.. Chris Blask (Nov 26)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 26)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 26)
- Re: Firewalls that generate new packets.. Bill McGee (bam) (Nov 26)
- Message not available
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 26)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 26)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 27)