[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Is there any way to load Checkpoint Firewall-1 on a Cis co router?
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
nokia 4110 black box has both FW1 and routing capabilities.
> -----Original Message-----
> From: Young, Roger [mailto:youngr@erinet.com]
> Sent: Monday, May 03, 1999 1:40 PM
> To: Edward Saxon; fw-1-mailinglist@lists.us.checkpoint.com
> Subject: Re: [FW1] Is there any way to load Checkpoint Firewall-1 on a
> Cisco router?
>
>
>
> Ed,
>
> Cisco was planning on building firewall software into its
> IOS. I'm not sure
> where they are with it. I would be surprised if they would
> consider putting
> FW-1 code on their routers at the moment. Check Point is seen as a
> competitor of Cisco, I would think. Also consider how many
> Cisco routers
> exist in the field at small end sites (this is the only place
> you would
> even consider putting firewall code in a router). Now think
> "marketing"
> and not technical. If you charge say $200 for firewall code
> in the IOS for
> a small router upgrade and there are 10 million of them out
> there - bingo!
> Show me the money. Why pay Check Point royalties? At least
> that's how I
> would think if I were a marketing kinda guy.....
>
> I'm not sure what context you intended with firewall code on
> a router, so
> I'll offer a general response . For large routers with
> multiple interfaces,
> forget traditional firewall implementation. How do you stealth a large
> router? Which interface will be the external one? Will you
> not allow snmp
> on it? Telnet to it? TFTP to it? RIP-2/OSPF? I think Cisco is
> smart enough
> to keep (big) routers routing, switches switching, and (PIX) firewalls
> firewalling.
>
> One shouldn't put firewall code on a router unless you are in
> a position to
> control the box for just that purpose and with a single physical and
> logical external interface. Folks out there try to kill 2
> birds with one
> stone (routing and firewalling on the same box) and you want
> to avoid the
> inclination. Some may want to check with Cisco to see where
> they are with
> firewall code in the IOS. If they are selling it, my guess
> it's on small
> routers at the peripheral edge of the network.
>
> Roger
>
>
>
>
>
>
> At 01:13 PM 4/29/99 -0700, Edward Saxon wrote:
> >
> >Hi,
> >
> >Is there any way to load Checkpoint Firewall-1 on a Cisco router?
> >
> >With FW-1 on my Cisco, I figure is can be used to strengthen my
> >DMZ.
> >
> >Is such a scenario not significantly better and more secure than a
> >router in the front with simple ACL's?
> >
> >
> >Any comments?
> >
> >Thanks,
> >Ed
> >
> >
> >
> >_______________________________________________________________
> >Get Free Email and Do More On The Web. Visit http://www.msn.com
> >
> >
> >=============================================================
> ===============
> >====
> > To unsubscribe from this mailing list, please see the
> instructions at
> > http://www.checkpoint.com/services/mailing.html
> >=============================================================
> ===============
> >====
>
>
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================