From: Chuck Church (cchurch@magnacom.com)
Date: Thu Oct 17 2002 - 12:14:23 GMT-3
Sam,
CBAC is a superset of reflexive ACLs. CBAC adds the ability to look into
some packets' layer 4 info, to make sure only commands that are valid for
that protocol are being used in that protocol. It also adds protection
against denial of service attacks, although you can get close to that with
the TCP intercept feature. You're better off having the CBAC (Firewall
feature set) if this is the only firewall connecting to the internet. Just
my personal opinion though.
Chuck Church
CCIE #8776, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Sam.MicroGate@usa.telekom.de
Sent: Thursday, October 17, 2002 9:36 AM
To: ccielab@groupstudy.com
Subject: Reflexive AL and CBAC
Hello everyone,
Can someone tell the main difference between the reflexive access list and
class based access control? They seem very similar to me. The same use and
the concept. The both filter traffic at the edge of the network. Only
traffic that originated from the inside will pass to the outside unless you
configure otherwise. Thanks.
Sam
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:52 GMT-3