[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Is there any way to load Checkpoint Firewall-1 on a Cisco router?

To: Edward Saxon <ed_saxon@hotmail.com>, fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] Is there any way to load Checkpoint Firewall-1 on a Cisco router?
From: "Young, Roger" <youngr@erinet.com>
Date: Mon, 03 May 1999 01:39:34 -0400

Ed,

Cisco was planning on building firewall software into its IOS. I'm not sure
where they are with it. I would be surprised if they would consider putting
FW-1 code on their routers at the moment. Check Point is seen as a
competitor of Cisco, I would think. Also consider how many Cisco routers
exist in the field at small end sites (this is the only place you would
even consider putting firewall code in a router).  Now think "marketing"
and not technical. If you charge say $200 for firewall code in the IOS for
a small router upgrade and there are 10 million of them out there - bingo!
Show me the money. Why pay Check Point royalties?  At least that's how I
would think if I were a marketing kinda guy.....

I'm not sure what context you intended with firewall code on a router, so
I'll offer a general response . For large routers with multiple interfaces,
forget traditional firewall implementation. How do you stealth a large
router? Which interface will be the external one? Will you not allow snmp
on it? Telnet to it? TFTP to it? RIP-2/OSPF? I think Cisco is smart enough
to keep (big) routers routing, switches switching, and (PIX) firewalls
firewalling. 

One shouldn't put firewall code on a router unless you are in a position to
control the box for just that purpose and with a single physical and
logical external interface. Folks out there try to kill 2 birds with one
stone (routing and firewalling on the same box) and you want to avoid the
inclination.  Some may want to check with Cisco to see where they are with
firewall code in the IOS.  If they are selling it, my guess it's on small
routers at the peripheral edge of the network.

Roger

At 01:13 PM 4/29/99 -0700, Edward Saxon wrote:
>
>Hi,  
>
>Is there any way to load Checkpoint Firewall-1 on a Cisco router?
>
>With FW-1 on my Cisco, I figure is can be used to strengthen my 
>DMZ.    
>
>Is such a scenario not significantly better and more secure than a 
>router in the front with simple ACL^Òs?
>
>
>Any comments?
>
>Thanks,
>Ed
>
>
>
>_______________________________________________________________
>Get Free Email and Do More On The Web. Visit http://www.msn.com
>
>
>============================================================================
>====
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>============================================================================
>====

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] infor about Checkpoint management server
Next by Date: RE: [FW1] Is there any way to load Checkpoint Firewall-1 on a Cis co router?
Prev by thread: Re: [FW1] infor about Checkpoint management server
Next by thread: RE: [FW1] Is there any way to load Checkpoint Firewall-1 on a Cis co router?
Index(es):
- Date
- Thread