Mike,
I wasn't speaking for any individual within Cisco. I'm more Security
than R/S and have done Firewalls from every vendor there is (including the
crappy ones that will go unnamed) and many years ago I ribbed an area SEM
about the issue. His response, while unofficial, was that it didn't make
sense for FWs to run routing protocols. I certainly understand prioritizing
features like IPv6 or VPN stuff. However, many other vendors with fewer
resources than Cisco have managed to find the time for it. :) From personal
experience, I can say that I have worked with FWs that have taken part in
routing protocols and for the most part they've never been exactly what you
wanted. Personally I say routers route and firewalls block. And they don't
mix. But when the marketing guys want feature parity with the competition,
sometimes things change....
Charles Henson
From: "Mike Kraus (mikraus)" <mikraus_at_cisco.com>
To: <Charles.Henson_at_regions.com>
Cc: "Cisco certification" <ccielab_at_groupstudy.com>, "jack daniels" <jckdaniels12_at_gmail.com>, <nobody_at_groupstudy.com>
Date: 12/18/2009 11:36 AM
Subject: RE: BGP on PIX525
I wouldn't say that it's as direct as "FWs should not", but whether it
makes sense from a market perspective. Traditionally, Cisco firewalls
didn't support IGPs either, but some have been added (EIGRP/OSPF). So,
it's a matter of prioritization, for example, should we be building out
BGP on the ASA, more IPv6 features, or next-generation VPN features? We
don't have unlimited resources, even within Cisco, so we have to
determine where to focus our efforts.
So, are there folks within Cisco that think adding BGP to the ASA makes
sense? Of course! Will it be done? Well, that's a much more
complicated answer. And, I certainly wouldn't be at liberty to disclose
future roadmap information on groupstudy either. :D
-----Original Message-----
From: Charles.Henson_at_Regions.com [mailto:Charles.Henson_at_Regions.com]
Sent: Friday, December 18, 2009 9:59 AM
To: Mike Kraus (mikraus)
Cc: Cisco certification; jack daniels; nobody_at_groupstudy.com
Subject: RE: BGP on PIX525
Jack,
Jokes aside I think the reason was more philosophical than
anything.
Cisco - "FWs should not run routing protocols". I could be mistaken.
CheckPoint has done it for years and NetScreen does it as well.
Charles Henson
From: "Mike Kraus (mikraus)" <mikraus_at_cisco.com>
To: "jack daniels" <jckdaniels12_at_gmail.com>, "Cisco
certification" <ccielab_at_groupstudy.com>
Date: 12/18/2009 09:54 AM
Subject: RE: BGP on PIX525
No, the PIX/ASA code does not support BGP today.
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
jack daniels
Sent: Friday, December 18, 2009 7:30 AM
To: Cisco certification
Subject: BGP on PIX525
Hi guys,
Can I run BGP on PIX 525? If yes, how scalable is it (if any doc for
same)?
Regards
Received on Fri Dec 18 2009 - 12:21:13 ART