Re: PIX vs. router with access lists

From: Derek Small (Fuse) (dwsmall@xxxxxxxxxx)
Date: Wed Apr 19 2000 - 13:17:31 GMT-3


I think that is the new one that Rich was talking about, 520, 515 and the new
506. It is out by the way, though I still can't find pricing on it. Anyone
seen a real list price yet? The new VPN appliance boxes are out also (3005,
3015, 3025?). They look awesome! Finally, a real competitor to the Nortel
Contivity.

Anyone heard anything about a security CCIE? It can't be far off.

Derek Small
dwsmall@fatkid.com

----- Original Message -----
From: Chad Marsh <chad@wa.net>
To: <ccielab@groupstudy.com>
Sent: Wednesday, April 19, 2000 10:29 AM
Subject: Re: PIX vs. router with access lists

> There is also a PIX 506 coming out for the small branch office, (2) 10Mb
> interfaces only, they say 7Mb throughput using 3DES, I think it's only going
> to be $2-3K
>
> Chad Marsh
>
> ----- Original Message -----
> From: Derek Small (Fuse) <dwsmall@fatkid.com>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, April 18, 2000 6:49 PM
> Subject: Re: PIX vs. router with access lists
>
>
> > Actually the router does IPSec with triple DES also, if you get the right
> > feature set. There is a fourth model of the PIX due to be released in about
> > a month also, the PIX 535, which is rumored to have near gigabit
> > throughput!!!
> >
> > John,
> > To answer your question about what stateful inspection is...
> >
> > Stateful inspection means that the firewall looks at all packets and makes
> > forwarding (or blocking) decisions based on the data that resides in the
> > packet at levels above level 3. Stateful inspection allows the PIX or
> > router with FireWall IOS to examine traffic that is outbound, and allow
> > returning packets for that connection to come back in. Most stateful
> > inspection firewalls, at a minimum, keep track of the negotiated TCP or UDP
> > port number (the high number, the source on the outbound connection or the
> > destination on inbound ones) and even the sequence numbers on TCP transfers,
> > to make sure that inbound packets are valid responses to a specific outbound
> > data flow. Stateful inspection firewalls are also capable of more in-depth
> > packet snooping, like looking for unnamed Java scripts in HTTP transfers, or
> > illegal SMTP commands in SMTP connections. There are dozens, if not
> > hundreds of others that can be implemented. All stateful inspection
> > firewalls snoop for some of these types of attacks; it depends on the
> > quality of the firewall and engineer that wrote the code, as to how much
> > snooping is done.
> >
> > The firewall IOS actually requires you to enable packet snooping and at what
> > level. You can simply tell the box to do general inspecting on all UDP and
> > TCP traffic, or you can get more granular.
> >
> > Another benefit that the PIX has is hardware failover. You can do HSRP with
> > the routers, but if you have to authenticate to a site or are in the middle
> > of using a shopping cart when the primary router goes down, you will have
> > to log back into the site and start over. The PIX transfers your existing
> > translations to the backup box, so you never even know it goes down. Also,
> > Cisco is adding load balancing to the PIX failover option in the next couple
> > of months, something you can't do with the routers, unless you have a
> > Local-Director.
> >
> >
> > Thank You
> >
> > Derek Small
> > dwsmall@fatkid.com
> >
> >
> > ----- Original Message -----
> > From: Richard Mott <richpmott@hotmail.com>
> > To: <jkconzone@home.com>; <ccielab@groupstudy.com>
> > Sent: Tuesday, April 18, 2000 8:56 PM
> > Subject: Re: PIX vs. router with access lists
> >
> >
> > >
> > > PIX has three models available now.
> > >
> > > The PIX supports triple DES encryption instead of the regular 56 bit for
> > > IPSec.
> > >
> > > Rich Mott
> > > CCIE #5234
> > > Network Engineer
> > > Jannon Solutions
> > >
> > > >From: "John Conzone" <jkconzone@home.com>
> > > >Reply-To: "John Conzone" <jkconzone@home.com>
> > > >To: "ccielab" <ccielab@groupstudy.com>
> > > >Subject: PIX vs. router with access lists
> > > >Date: Tue, 18 Apr 2000 18:45:28 -0400
> > > >
> > > > Hi all. I've configured a few PIX boxes with basic configs, inside,
> > > > outside, etc. Not a PIX or security expert.
> > > > My question is what can a PIX do that a router with access lists
> > > > can't? To be honest, the PIX seems like a cryptic way to do what can be
> > > > done easier on a router with access lists, at least to me.
> > > > I'm sure there is a good answer, so you PIX guys out there tell me
> > > > what it can do that a router can't!
> > > >
> > > >
> > >
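Added illustration for the stateful-inspection explanation in Derek's reply (example code, not from the thread or from Cisco): a toy state table that remembers the outbound 5-tuple (including the high source port) and the peer's TCP sequence number, placed beside a stateless `established`-style ACL check. All addresses, packets and class names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flags as letters, e.g. "S", "SA", "A"
    seq: int = 0        # TCP sequence number (ignored for UDP)

INSIDE_PREFIX = "10.0.0."   # constructed inside network for the example

def established_acl(pkt: Packet) -> str:
    """Stateless router ACL: inbound TCP with ACK or RST set counts as
    'established'. It cannot tell a real reply from any packet that merely
    has those bits set, and it has no equivalent for UDP replies."""
    if pkt.src.startswith(INSIDE_PREFIX):
        return "permit"
    if pkt.proto == "tcp" and ("A" in pkt.flags or "R" in pkt.flags):
        return "permit"
    return "deny"

class StatefulFirewall:
    """Toy stateful inspection: each outbound flow creates a table entry
    keyed by its 5-tuple; an inbound packet is permitted only when it
    reverses an existing entry and, for TCP, its sequence number stays
    within a window of the last one seen from that peer (simplified)."""
    def __init__(self, window: int = 65535):
        self.table: dict = {}
        self.window = window

    def process(self, pkt: Packet) -> str:
        if pkt.src.startswith(INSIDE_PREFIX):
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.table.setdefault(key, {"peer_seq": None})
            return "permit"
        # Reverse the tuple: does this answer a flow somebody inside started?
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.table.get(key)
        if state is None:
            return "deny"            # unsolicited inbound, no matching state
        if pkt.proto == "tcp":
            last = state["peer_seq"]
            if last is not None and not (last <= pkt.seq < last + self.window):
                return "deny"        # does not continue the known stream
            state["peer_seq"] = pkt.seq
        return "permit"
```

Run the two checks side by side on the same inbound packets: the stateless ACL passes any inbound TCP packet with ACK set and must deny (or blanket-permit) UDP replies, while the state table admits only packets that reverse a flow it recorded.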



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:14 GMT-3