Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Using Cisco IOS firewall feature set

To: [email protected]
Subject: Re: [FW-1] Using Cisco IOS firewall feature set
From: Joe Pampel <[email protected]>
Date: Wed, 16 Jan 2002 16:17:28 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

we run it on our routers as an extra layer of protection, to control traffic on the LAN and to cut
down on traffic that gets logged to IDS, FW, etc. (make the logs count..)
I think it's just newish and folks are worried about CPU too much? I think it works well although our loads are not that heavy in general. I've only run it on 3600 series routers, dunno about switches, sorry!

- Joe

btw - i think it's a great idea. you should do it IMHO (for whatever that's worth!)

ps: you can use kiwi syslog server to catch the log entries and stuff them into MSSQL and then run coldfusion queries (or whatever) against that for a central monitoring website.. just an idea a buddy of mine is using.

>>> Eric Appelboom <[email protected]> 01/16/02 02:15PM >>>
I am looking at complimenting our FW-1's with switches installed with
the Cisco IOS firewall feature set.

I would like to implement this on 6500 switches also using layer 3
switching so inspection can be done on switches and not on fw nic.
We primarily would like to reduce unessesary internal to internal
traffic.

We will use the Cisco Policy Manager version 3 which appears to be
similar to the FW-1 GUI and not commandline.

There doesn't appear to be many people using the IOS firewall feature
set and it appears quite apt and manageable.
I am aware of the TCP\UDP only inspection limitation of CBAC.

Does anyone used the IOS firewall in production and can give advice?
Are there any peformance comparisons?

Regards
Eric




*** Disclaimer: The information in this email is confidential and is
intended solely for the addressee(s). Access to this email by anyone
else is unauthorised. If you are not an intended recipient, you must not
read, forward, print, use or disseminate the information contained in
the email. Any representations (contractual or otherwise), views or
opinions presented are solely those of the author and do not necessarily
represent those of the employer or any of its affiliates.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] Free S/WAN and VPN-1
Next by Date: Re: [FW-1] AW: [FW-1] Connection lost problem
Previous by thread: Re: [FW-1] Using Cisco IOS firewall feature set
Next by thread: Re: [FW-1] Using Cisco IOS firewall feature set
Index(es):
- Date
- Thread