Re: transparent and routed firewalls from Joseph L. Brunner on 2011-08-09 (Ccielab archives 08/2011)

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Tue, 9 Aug 2011 23:07:19 +0000

If it does what you want then sonicwall is the solution.

For every flaw you can find with the sonicwall I can find 2 on the asa 5520.

I'm not saying sonicwall is the best device, but given your requirements thrust on to you by "experts" you may have no choice.

If you can afford $70,000 buy Checkpoint.

Joe

From: imran ali [mailto:immrccie_at_gmail.com]
Sent: Tuesday, August 09, 2011 06:57 PM
To: Joseph L. Brunner
Cc: Cisco certification <ccielab_at_groupstudy.com>
Subject: Re: transparent and routed firewalls

Thanks for clarification, but dont want to compare ASA with sonic wall.
Asa can be compared with juniperbs firewalls but not with sonicwall (my opinion ) .

Can you imagine this buggy piece of crap drops most of my genuine traffic sensing them as attack traffic that too after disabling IPS service for which our company paid

On Wed, Aug 10, 2011 at 1:46 AM, Joseph L. Brunner <joe_at_affirmedsystems.com<mailto:joe_at_affirmedsystems.com>> wrote:
"how they want it to behave"

Who is the expert? Would you tell your doctor how you want him to save your child's life who came in with leukemia?

If you put the ASA into "bitw" mode (bump in the wire) or transparent mode, you stop if from effectively doing many things they want it to do in the future like terminating vpn traffic and running routing protocols. So again, while they may want something, they may not be knowledgeable enough to make a determination.

Perhaps you should look at Sonic wall - this appliance can do both at once, where Cisco ASA does not.

-Joe

-----Original Message-----
From: nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com> [mailto:nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>] On Behalf Of imran ali
Sent: Tuesday, August 09, 2011 6:10 PM
To: Cisco certification
Subject: transparent and routed firewalls

hi all,

i have two asa 5520 , i need to setup active standby failover between them

however thier is a starnge requirement that my upper management wants me to
implement .

They wnat to firewall to behave as a transparent mode for one DMZ and for
other they want to run in routed mode.

is it possible ...any weird combintion fo virtuliastion can fulfill the
requirment ?

Blogs and organic groups at http://www.ccie.net
Received on Tue Aug 09 2011 - 23:07:19 ART

This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART