PIX 600 Series Rumors

Discussion in 'Cisco' started by Thebigone, Feb 10, 2004.

  1. Thebigone

    Thebigone Guest

    Wow Imagine a PIX that adds the power of the Packeteer and the power of NBAR
    and the power of SMTP AV rolled into one box.
    Thebigone, Feb 10, 2004
    #1

  2. Thebigone

    Ivan Ostres Guest

    In article <c09nv0$142pl4$-berlin.de>,
    says...
    > Wow Imagine a PIX that adds the power of the Packeteer and the power of NBAR
    > and the power of SMTP AV rolled into one box.


    You don't need to imagine, just get checkpoint or netscreen :)

    --
    Ivan
    Ivan Ostres, Feb 10, 2004
    #2

  3. Thebigone

    Tim Guest

    "Ivan Ostres" <> wrote in message
    news:c0a45u$15dc07$-berlin.de...
    > In article <c09nv0$142pl4$-berlin.de>,
    > says...
    > > Wow Imagine a PIX that adds the power of the Packeteer and the power of NBAR
    > > and the power of SMTP AV rolled into one box.
    >
    > You don't need to imagine, just get checkpoint or netscreen :)
    >
    > --
    > Ivan


    even Fortinet fortigate !!
    Tim, Feb 10, 2004
    #3
  4. "Thebigone" <> wrote:

    > Wow Imagine a PIX that adds the power of the Packeteer and
    > the power of NBAR and the power of SMTP AV rolled into one box.


    My opinion is that a firewall should follow the KISS pattern
    (Keep It Simple, Stupid).

    If you want to have all the bells and whistles, please go ahead:

    http://www.securityfocus.com/archive/1/352884
    Jyri Korhonen, Feb 10, 2004
    #4
  5. Thebigone

    Jason Kau Guest

    Jyri Korhonen <> wrote:
    > "Thebigone" <> wrote:
    >> Wow Imagine a PIX that adds the power of the Packeteer and
    >> the power of NBAR and the power of SMTP AV rolled into one box.

    >
    > My opinion is that a firewall should follow the KISS pattern
    > (Keep It Simple, Stupid).


    I tend to agree. I wish someone would develop a firewall with the
    simplicity of the PIX but the centralized management tools of
    CheckPoint. And of course I wish the PIX was a little more flexible.
    The inability to route back out the same interface you came in and
    the inability to change the ports for SCEP are, for example, just
    ridiculous limitations.

    --
    Jason Kau
    IS FOR EMAIL
    IS FOR SPAM
    http://www.cnd.gatech.edu/~jkau
    Jason Kau, Feb 12, 2004
    #5
  6. Thebigone

    Memnoch Guest

    On Thu, 12 Feb 2004 06:31:53 +0000 (UTC), Jason Kau
    <> wrote:

    >Jyri Korhonen <> wrote:
    >> "Thebigone" <> wrote:
    >>> Wow Imagine a PIX that adds the power of the Packeteer and
    >>> the power of NBAR and the power of SMTP AV rolled into one box.

    >>
    >> My opinion is that a firewall should follow the KISS pattern
    >> (Keep It Simple, Stupid).

    >
    >I tend to agree. I wish someone would develop a firewall with the
    >simplicity of the PIX but the centralized management tools of
    >CheckPoint. And of course I wish the PIX was a little more flexible.
    >The Inability to route back out the same interface you came in and
    >the inability to change the ports for SCEP are, for example, just
    >ridiculous limitations.


    But I would guess they are just limitations of the software and therefore
    changeable, hopefully.
    Memnoch, Feb 12, 2004
    #6
  7. In article <>,
    Memnoch <> wrote:
    |On Thu, 12 Feb 2004 06:31:53 +0000 (UTC), Jason Kau
    |<> wrote:

    |>And of course I wish the PIX was a little more flexible.
    |>The Inability to route back out the same interface you came in and
    |>the inability to change the ports for SCEP are, for example, just
    |>ridiculous limitations.

    |But I would guess are just limitations of the software and therefore
    |changeable hopefully.

    Ports for SCEP is "just software", but ability to route back out
    the same interface would require a substantial revision of the
    processing model.

    Suppose you have a packet on the inside interface trying to
    go to the inside interface. Should it be permitted by default,
    on the grounds that it isn't destined for a higher security interface,
    or should it be denied by default, on the grounds that it isn't
    destined for a lower security interface? If you create a
    static (inside, inside) then should the source IP be NAT'd on
    the grounds that it isn't destined for a higher security interface,
    or should the destination IP be NAT'd, on the grounds that it isn't
    destined for a lower security interface? And having once made
    your choice, then what happens when the reply packet comes along:
    how do you know which "side" of the conversation it is so that you
    know which NAT to apply?

    If someone asks to make an IPSec connection and names their own
    IP address as their destination, then for any given packet, do you
    insist that the packet be protected by AH/ESP (on the grounds
    that it's from the protected stream), or do you say that any unprotected
    packet must be the local reply that has to be wrapped in IPSec and sent
    back?

    Yes, you could add a wart onto the PIX code so that packets destined
    for the same interface are just sent out again, but that wouldn't be
    in keeping with the security model or in keeping with much of anything
    else on the PIX.

    --
    I was very young in those days, but I was also rather dim.
    -- Christopher Priest
    Walter Roberson, Feb 24, 2004
    #7
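
The same-interface question raised in post #7, worked through as an added example (not part of the thread and not PIX code). It is a simplified model in which policy is derived only from comparing interface security levels; the names `Interface`, `direction`, `evaluate` and `packet_role` and the levels 100 and 0 are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interface:
    name: str
    level: int  # security level (assumed here: inside=100, outside=0)

def direction(ingress: Interface, egress: Interface) -> str:
    """Classify a flow purely by comparing security levels."""
    if ingress.level > egress.level:
        return "outbound"  # toward a lower security interface
    if ingress.level < egress.level:
        return "inbound"   # toward a higher security interface
    return "same"          # neither comparison holds

# What each direction implies in this simplified model.
POLICY = {
    "outbound": {"default": "permit", "static_rewrites": "source"},
    "inbound": {"default": "deny", "static_rewrites": "destination"},
}

def evaluate(ingress: Interface, egress: Interface):
    """Return (default action, address a static rewrites).

    Both values are 'undefined' when the level comparison gives no answer,
    which is the inside-to-inside case discussed in the post.
    """
    rule = POLICY.get(direction(ingress, egress))
    if rule is None:
        return ("undefined", "undefined")
    return (rule["default"], rule["static_rewrites"])

def packet_role(flow_ingress: Interface, flow_egress: Interface,
                pkt_ingress: Interface) -> str:
    """Decide from the arrival interface alone which side of an
    existing flow a packet belongs to."""
    if flow_ingress == flow_egress:
        return "ambiguous"  # both sides arrive on the same interface
    return "initiator" if pkt_ingress == flow_ingress else "responder"

inside = Interface("inside", 100)
outside = Interface("outside", 0)

if __name__ == "__main__":
    # Constructed flows: outbound, inbound, and the hairpin case.
    for a, b in [(inside, outside), (outside, inside), (inside, inside)]:
        print(f"{a.name} -> {b.name}:", evaluate(a, b), packet_role(a, b, a))
```
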