
RE: [FW1] Cisco IOS firewall vs FW-1




Chris

We did an evaluation of Cisco IOS FireWall Feature Set for a client
quite recently. 

It provides a number of enhanced security features on top of the base
IOS security including Context Based Access Control (CBAC), basic audit
trail, attack detection and prevention, Java blocking and support for
the ConfigMaker GUI configuration tool (limited). The product seemed well
able to protect a network based on a combination of ACLs and CBAC
combined with the other security and audit features available both in
base IOS and the FireWall Feature Set.  It's also a reasonably cheap
option in terms of the hardware and software you need.

The main disadvantages of the IOS FireWall Feature Set were lack of a
comprehensive management interface and inadequate auditing and alerting
facilities.  Both of these are key to minimising operational support and
management costs, particularly when you have multiple FireWalls. There
was nothing to match the facilities provided by the FW-1 GUI both in
terms of policy/rule management and logging.  We did link Cisco syslog
output to a product called "Private I" which provided a nice GUI
interface with the ability to set alerts and do reports and so on. The Cisco
configuration to set up a simple testbed with ACLs, CBAC and links to
things like RADIUS got fairly involved and relies on a fair amount of
expertise with IOS - very easy to make a mistake and compromise your
site. 

Hope this helps.

Murray Edwards

Senior Systems Engineer
Network Services Management
SAIC Ltd

Tel:  +44 (0) 1224 333661
Fax: +44 (0) 1224 333924
Email: murray.edwards@cpmx.saic.com

> ----------
> From: 	Chris Swensson[SMTP:chris.swensson@vistranet.com]
> Sent: 	23 April 1999 04:13
> To: 	Firewall 1 Mailing List (E-mail)
> Subject: 	[FW1] Cisco IOS firewall vs FW-1
> 
> 
> Does anyone have any experience with Cisco's IOS firewall feature? Good
> points, bad points, what works, what doesn't, etc.  Any help would be
> appreciated...  I have a customer that is looking at FW-1 and Cisco's IOS
> firewall and can't seem to make a decision.  Thanks in advance!
> 
> Chris Swensson
> Chris.swensson@vistranet.com
> Network Engineer
> Vistranet Communications
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 

