[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Using Cisco IOS firewall feature set
I have used Cisco Firewall IOS on many platforms but to my knowledge you can't implement it on the 6500 platform without disabling fast switching which REALLY hoses the speed of the 6500. You are better off using a NAM and IDS to monitor your traffic OR use a 7200 or 3600 to run edge routing services. If you're looking for chinese walls inside your network use VLANs on the 6500. But IOS FW feature set is more for edge router situations. Mike Hawkins -----Original Message----- From: Eric Appelboom [mailto:[email protected]] Sent: Wednesday, January 16, 2002 2:15 PM To: [email protected] Subject: [FW-1] Using Cisco IOS firewall feature set I am looking at complimenting our FW-1's with switches installed with the Cisco IOS firewall feature set. I would like to implement this on 6500 switches also using layer 3 switching so inspection can be done on switches and not on fw nic. We primarily would like to reduce unessesary internal to internal traffic. We will use the Cisco Policy Manager version 3 which appears to be similar to the FW-1 GUI and not commandline. There doesn't appear to be many people using the IOS firewall feature set and it appears quite apt and manageable. I am aware of the TCP\UDP only inspection limitation of CBAC. Does anyone used the IOS firewall in production and can give advice? Are there any peformance comparisons? Regards Eric *** Disclaimer: The information in this email is confidential and is intended solely for the addressee(s). Access to this email by anyone else is unauthorised. If you are not an intended recipient, you must not read, forward, print, use or disseminate the information contained in the email. Any representations (contractual or otherwise), views or opinions presented are solely those of the author and do not necessarily represent those of the employer or any of its affiliates. <<Disclaimer>> This electronic mail is intended only for the use of the addressee(s) named herein. Unless otherwise specifically stated, the views contained and expressed in this electronic mail are strictly those of the individual sender and are not the views of the Company or any of its Directors or other employees. If you are not the intended recipient of this electronic mail, you are hereby notified that any dissemination, distribution or coping of this electronic mail is strictly prohibited. If you received this electronic mail in error please immediately notify us by return electronic mail and delete this electronic mail from your system. ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|