[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[2]: [FW1] Is there any way to load Checkpoint Firewall-1
Ed,
Do you want to import the rules set or run a "Firewall". If rules, check the
archives, otherwise, yes CISCO do have their own Firewall which is an upgrade
option to IOS (small routers, it's about $1K extra but you need to upgrade the
DRAM and flash RAM).
adios,
Damian.
____________________Reply Separator____________________
Subject: Re: [FW1] Is there any way to load Checkpoint Firewall-1 on
Author: "Young Roger" <youngr@erinet.com>
Date: 03/05/1999 1:39 AM
Ed,
Cisco was planning on building firewall software into its IOS. I'm not sure
where they are with it. I would be surprised if they would consider putting
FW-1 code on their routers at the moment. Check Point is seen as a
competitor of Cisco, I would think. Also consider how many Cisco routers
exist in the field at small end sites (this is the only place you would
even consider putting firewall code in a router). Now think "marketing"
and not technical. If you charge say $200 for firewall code in the IOS for
a small router upgrade and there are 10 million of them out there - bingo!
Show me the money. Why pay Check Point royalties? At least that's how I
would think if I were a marketing kinda guy.....
I'm not sure what context you intended with firewall code on a router, so
I'll offer a general response . For large routers with multiple interfaces,
forget traditional firewall implementation. How do you stealth a large
router? Which interface will be the external one? Will you not allow snmp
on it? Telnet to it? TFTP to it? RIP-2/OSPF? I think Cisco is smart enough
to keep (big) routers routing, switches switching, and (PIX) firewalls
firewalling.
One shouldn't put firewall code on a router unless you are in a position to
control the box for just that purpose and with a single physical and
logical external interface. Folks out there try to kill 2 birds with one
stone (routing and firewalling on the same box) and you want to avoid the
inclination. Some may want to check with Cisco to see where they are with
firewall code in the IOS. If they are selling it, my guess it's on small
routers at the peripheral edge of the network.
Roger
At 01:13 PM 4/29/99 -0700, Edward Saxon wrote:
>
>Hi,
>
>Is there any way to load Checkpoint Firewall-1 on a Cisco router?
>
>With FW-1 on my Cisco, I figure is can be used to strengthen my
>DMZ.
>
>Is such a scenario not significantly better and more secure than a
>router in the front with simple ACL's?
>
>
>Any comments?
>
>Thanks,
>Ed
>
>
>
>_______________________________________________________________
>Get Free Email and Do More On The Web. Visit http://www.msn.com
>
>
>============================================================================
>====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>============================================================================
>====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the Postmaster.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
postmaster@cardlink.com.au
**********************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================