Re: is the ASA a true hardware solution?

[Paul Melson <pmelson () gmail com>]

On May 5, 2011, at 1:11 PM, Greg Whynott <Greg.Whynott () oicr on ca> wrote:

> in the context of the never ending debates related to software/hardware firewalls...
>
>
> i was looking inside of our newest 5580,   it appears to be a standard HP server box (DL585)  with a hardware 
> encryption accelerator option card inserted into a pci slot.  everything else appears to be verbatim to what you 
> would receive from HP if you ordered their high end x86 server box.
>
> should one not have any sort of encryption needs,  would this box considered a software firewall?    I couldn't find 
> one custom asic,  module  or other chip with a cisco brand stamp on it,  beyond the flash.
>
>
> thanks!
>
> -g

I can remember 10 years ago building a frankenPIX out of a PPro desktop, some Intel NICs, and the flash card spare from 
a Cisco PIX 520.  It ran 6.1 beautifully and thought it was a PIX 515E.  So, yes, it is and probably always has been 
possible to run PIX OS on non-Cisco hardware.

But since Cisco doesn't offer it that way, or support it that way, it's fair to refer to it as a hardware firewall.  
Unless you want to dissect the broader topic of where hardware ends and software begins.  In which case, this is the 
one true hardware firewall:

http://www.ranum.com/security/computer_security/papers/a1-firewall/

PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards