RE: BGP on PIX525

From: <Charles.Henson_at_regions.com>
Date: Mon, 21 Dec 2009 08:30:53 -0600

Keegan,
      I'm not sure which part is bothering you but I was simply stating an
opinion. Are you referring to what I quoted from the SEM? Or my viewpoint?

Charles Henson

 From: <Keegan.Holley_at_sungard.com>

 To: Charles.Henson_at_regions.com

 Cc: "Cisco certification" <ccielab_at_groupstudy.com>, "jack daniels"
<jckdaniels12_at_gmail.com>, "Mike Kraus (mikraus)" <mikraus_at_cisco.com>,
nobody_at_groupstudy.com

 Date: 12/19/2009 08:45 AM

 Subject: RE: BGP on PIX525

Wow, I'm not sure what's worse, this statement or the fact that it's
supported by the vendor. Not to offend anyone but there are loads of
implementations where it's better to run routing protocols on the
firewalls. Just about anywhere where you need failover based on network
topology changes and can't run one of the next hop redundancy protocols.
Also money comes into it. Why buy two 10-20K boxes when you can get away
with one? There are a few firewalls that come with advanced routing
capabilities like MPLS and such out of the box. The Juniper SRX series
comes to mind.

                                                                           
 From: <Charles.Henson_at_regions.com>

 To: "Mike Kraus (mikraus)" <mikraus_at_cisco.com>

 Cc: "Cisco certification" <ccielab_at_groupstudy.com>, "jack daniels"
<jckdaniels12_at_gmail.com>, nobody_at_groupstudy.com

 Date: 12/18/2009 01:27 PM

 Subject: RE: BGP on PIX525

 Sent by: <nobody_at_groupstudy.com>

Mike,
     I wasn't speaking for any individual within Cisco. I'm more Security
than R/S and have done Firewalls from every vendor there is (including the
crappy ones that will go unnamed) and many years ago I ribbed an area SEM
about the issue. His response, while unofficial, was that it didn't make
sense for FWs to run routing protocols. I certainly understand prioritizing
features like IPv6 or VPN stuff. However, many other vendors with less
resources than Cisco have managed to find the time for it. :) From personal
experience, I can say that I have worked with FWs that have taken part in
routing protocols and for the most part they've never been exactly what you
wanted. Personally I say routers route and firewalls block. And they don't
mix. But when the marketing guys want feature parity with the competition,
sometimes things change....

Charles Henson

 From: "Mike Kraus (mikraus)" <mikraus_at_cisco.com>

 To: <Charles.Henson_at_regions.com>

 Cc: "Cisco certification" <ccielab_at_groupstudy.com>, "jack daniels"
<jckdaniels12_at_gmail.com>, <nobody_at_groupstudy.com>

 Date: 12/18/2009 11:36 AM

 Subject: RE: BGP on PIX525

I wouldn't say that it's as direct as "FWs should not", but whether it
makes sense from a market perspective. Traditionally, Cisco firewalls
didn't support IGPs either, but some have been added (EIGRP/OSPF). So,
it's a matter of prioritization, for example, should we be building out
BGP on the ASA, more IPv6 features, or next-generation VPN features? We
don't have unlimited resources, even within Cisco, so we have to
determine where to focus our efforts.

So, are there folks within Cisco that think adding BGP to the ASA makes
sense? Of course! Will it be done? Well, that's a much more
complicated answer. And, I certainly wouldn't be at liberty to disclose
future roadmap information on groupstudy either. :D

-----Original Message-----
From: Charles.Henson_at_Regions.com [mailto:Charles.Henson_at_Regions.com]
Sent: Friday, December 18, 2009 9:59 AM
To: Mike Kraus (mikraus)
Cc: Cisco certification; jack daniels; nobody_at_groupstudy.com
Subject: RE: BGP on PIX525

Jack,
     Jokes aside I think the reason was more philosophical than anything.
Cisco - "FWs should not run routing protocols". I could be mistaken.
CheckPoint has done it for years and NetScreen does it as well.

Charles Henson

 From: "Mike Kraus (mikraus)" <mikraus_at_cisco.com>

 To: "jack daniels" <jckdaniels12_at_gmail.com>, "Cisco
certification" <ccielab_at_groupstudy.com>

 Date: 12/18/2009 09:54 AM

 Subject: RE: BGP on PIX525

No, the PIX/ASA code does not support BGP today.

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
jack daniels
Sent: Friday, December 18, 2009 7:30 AM
To: Cisco certification
Subject: BGP on PIX525

Hi guys,

Can I run BGP on PIX 525? If yes, how scalable is it (if any doc for
same)?

Regards

Received on Mon Dec 21 2009 - 08:30:53 ART
