Re: ASA Port forwarding

From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Tue Jul 22 2008 - 17:22:22 ART


They don't employ this concept because they 'deny' all traffic by default.
On the Netscreen, you can change this default behavior by means of a CLI
command. Cisco, on the other hand, allows traffic from higher security to
lower security by default! Cisco argues that this eases deployments; the
other vendors suggest that a security device should not permit anything
except what is specifically permitted by the user. There is nothing much to it.

Regards

Farrukh

On Wed, Jul 23, 2008 at 12:08 AM, Christopher Copley <copley.chris@gmail.com>
wrote:

> Paul,
>
> Thanks, now I understand it! I am working on an R&S CCIE lab and I have
> never touched an ASA before. I have always used Checkpoint or Netscreen
> (both of them are our Corp standards). I was handed an ASA this morning and
> told to have it working by Friday. I am very sorry if this was a basic
> question, but I was put under the gun in a short time period by mgt. I
> looked at the Cisco Doc CD and the wording for this part was confusing to
> me. Checkpoint and Netscreen do not use the concept of security numbering
> on interfaces and the new approach to firewalls made my head spin. And it
> is hard to get interaction from a Doc CD when you don't understand it.
>
> Chris


