Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..


From: "Paul D. Robertson" <paul () compuwar net>
Date: Mon, 26 Nov 2007 13:49:21 -0500 (EST)

On Mon, 26 Nov 2007, Bill McGee (bam) wrote:

I'm probably going to throttle this thread after this, because it's 
getting into semantics and marketing...

You're right that there has been a great deal of convergence and feature
parity development between PIX/ASA and the IOS and CatOS Firewalls.
This, again, is "on purpose." It's part of Cisco's position that
security and risk reduction are better when the disparate parts of your
security and network solutions work together.

But to say they're *different* due to some magic strategy is still 
disingenuous, they're different because _they were different at the 
start_, not because Cisco suddenly had some great epiphany to create a 
security product on a new platform with a new codebase so that their 
customers could feel secure that a bug in their screening router wouldn't 
affect their firewall.
  
It was also Cisco's position at one point that IOS uber alles should be 
the mantra- I remember early on saying something along the lines of "I 
wouldn't buy a PIX because they're flawed, but moving them to IOS is going 
to make me even less likely to buy any of them since I'm using IOS on my 
screening routers and providing the same codebase in every portion of my 
security infrastructure is stupid."  *That* would have been screwing it 
up.  The fact that the "let's screw it up" plan didn't happen is good, but 
it's not the same as designing two very different products from the start.

A plan in progress (and yes, I've been here for ten years and am pretty
sure we have had, and continue to have a strategy) means that at any
moment in time you are only going to see what's available then. That's
why the positioning and messaging evolves over time. At one time, we had

Yes, but your current "positioning message" appears to be "We made two 
different products and kept them separate..." not "We started with two 
different products and didn't merge them..."

It's not quite the same thing, IMO, as just managing to not "screw it
up."

You start with an apple you bought from a friend and an orange you grew 
in your garden, you at some point decide to proclaim that you shall turn 
the apple into an orange, then decide not to.  

You then proclaim that you made the apple and orange different on purpose.  

That's how your "positioning message" came across to me and to a large 
number of readers on this list- couple (*cough*) that with a term like 
"positioning statement" and then ask us what "position" we think a 
vendor's thinking their customer is in when they use that term.

It was 50/50 if I should have approved the original message because it's 
mostly marketing fluff.  I get a fair number of questions about approving 
marginal messages when I do so- this thread's about run its course, seems 
like you're sticking with your position and I'm sticking with mine- so 
we'll just have to agree to differ.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/
           Art: http://PaulDRobertson.imagekind.com/
