Does Pix 501 scan application layer re OSI model?

Discussion in 'Cisco' started by Kerry, Jan 19, 2004.

  1. Kerry

    Kerry Guest

    greetings. just bought 2 pix 501s for playing...

    A friend told me that the pix doesn't do application layer scanning like
    checkpoint or raptor.

    is this true? How do I verify?

    thanks, Kerry

    --
    please remove x0x0 when replying
    thanks
     
    Kerry, Jan 19, 2004
    #1

  2. In article <yNXOb.86659$5V2.118938@attbi_s53>,
    Kerry <> wrote:
    :greetings. just bought 2 pix 501s for playing...

    :A friend told me that the pix doesn't do application layer scanning like
    :checkpoint or raptor.

    :is this true? How do I verify?

    The PIX doesn't do virus checking, if that's what you mean; it also
    does not provide user-programmable checking.

    For information on the kind of application-level checking that the PIX
    does do, see the Command Reference description of the 'fixup' command.
    --
    "Mathematics? I speak it like a native." -- Spike Milligan
     
    Walter Roberson, Jan 19, 2004
    #2

  3. Jason Kau

    Jason Kau Guest

    Walter Roberson <-cnrc.gc.ca> wrote:
    > In article <yNXOb.86659$5V2.118938@attbi_s53>,
    > Kerry <> wrote:
    > :greetings. just bought 2 pix 501s for playing...
    >
    > :A friend told me that the pix doesn't do application layer scanning like
    > :checkpoint or raptor.
    >
    > :is this true? How do I verify?
    >
    > The PIX doesn't do virus checking, if that's what you mean; it also
    > does not provide user-programmable checking.
    >
    > For information on the kind of application-level checking that the PIX
    > does do, see the Command Reference description of the 'fixup' command.


    I believe the original poster is talking about "deep packet inspection" or
    "application inspection" which means doing things similar to what the PIX
    "fixup" and "ip audit" (IDS) commands currently offer, but doing a lot more
    stuff along those lines. In other words, trying to do as much
    application-level inspection/checking/mangling as an application-proxy
    firewall (e.g. Raptor or Sidewinder/Gauntlet) without actually having to
    intercept the connection and incurring the associated performance hit.

    CheckPoint's application inspection (SmartDefense + some stuff specified in
    the security rule base) is considerably more feature rich than the PIX's
    "fixup" and "ip audit" commands.

    For a list of stuff CheckPoint firewalls can block check out:

    http://www.checkpoint.com/appint/appint_application_layer.html

    SmartDefense also supports automatic signature updates. However, I don't
    believe CheckPoint supports the creation of customized signatures like you
    can do with say a NetScreen IDP appliance or IOS NBAR.

    --
    Jason Kau
    http://www.cnd.gatech.edu/~jkau
     
    Jason Kau, Jan 20, 2004
    #3
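
An added illustration, not part of the thread and not Cisco or Check Point code, of the in-line application inspection described in the post above: the device reads the control channel as it passes instead of terminating the connection like a proxy. FTP is used as the sample protocol; the function name, the checks, and the sample lines are assumptions constructed for this sketch.

```python
import re

# Constructed sample: FTP control-channel lines sent by client 192.0.2.10.
SAMPLE = [
    b"USER anonymous\r\n",
    b"PORT 192,0,2,10,19,137\r\n",   # client's own address, port 19*256+137
    b"PORT 198,51,100,7,0,25\r\n",   # names a third-party host
    b"PORT 192,0,2,10,999,1\r\n",    # octet out of range
]

PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$",
    re.IGNORECASE,
)

def inspect_ftp(client_ip, lines):
    """Inspect FTP control lines in passing (hypothetical helper).

    Returns (verdicts, pinholes): one verdict per line, plus the
    (ip, port) pairs for which a data connection would be allowed.
    """
    verdicts, pinholes = [], []
    for line in lines:
        if not line.upper().startswith(b"PORT"):
            verdicts.append("pass")          # not a command this sketch checks
            continue
        m = PORT_RE.match(line)
        nums = [int(x) for x in m.groups()] if m else []
        if not nums or any(n > 255 for n in nums):
            verdicts.append("drop: malformed PORT")
            continue
        ip = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]
        if ip != client_ip:
            # Data channel must go back to the host that asked for it.
            verdicts.append("drop: PORT address is not the client")
        elif port < 1024:
            verdicts.append("drop: PORT names a privileged port")
        else:
            verdicts.append("pass")
            pinholes.append((ip, port))      # open only this address/port
    return verdicts, pinholes

if __name__ == "__main__":
    for verdict in inspect_ftp("192.0.2.10", SAMPLE)[0]:
        print(verdict)
```
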
  4. Kerry

    Kerry Guest

    thanks for the info...sounds like the Pix does some app scanning but not as
    deep as others...

    I'll start another post on a question of Pix firewalls versus others as in
    preference

    thanks again, Kerry

    --
    please remove x0x0 when replying
    thanks
    "Jason Kau" <> wrote in message
    news:buipt4$h21$...
    > Walter Roberson <-cnrc.gc.ca> wrote:
    > > In article <yNXOb.86659$5V2.118938@attbi_s53>,
    > > Kerry <> wrote:
    > > :greetings. just bought 2 pix 501s for playing...
    > >
    > > :A friend told me that the pix doesn't do application layer scanning like
    > > :checkpoint or raptor.
    > >
    > > :is this true? How do I verify?
    > >
    > > The PIX doesn't do virus checking, if that's what you mean; it also
    > > does not provide user-programmable checking.
    > >
    > > For information on the kind of application-level checking that the PIX
    > > does do, see the Command Reference description of the 'fixup' command.

    >
    > I believe the original poster is talking about "deep packet inspection" or
    > "application inspection" which means doing things similar to what the PIX
    > "fixup" and "ip audit" (IDS) commands currently offer, but doing a lot more
    > stuff along those lines. In other words, trying to do as much
    > application-level inspection/checking/mangling as an application-proxy
    > firewall (e.g. Raptor or Sidewinder/Gauntlet) without actually having to
    > intercept the connection and incurring the associated performance hit.
    >
    > CheckPoint's application inspection (SmartDefense + some stuff specified in
    > the security rule base) is considerably more feature rich than the PIX's
    > "fixup" and "ip audit" commands.
    >
    > For a list of stuff CheckPoint firewalls can block check out:
    >
    > http://www.checkpoint.com/appint/appint_application_layer.html
    >
    > SmartDefense also supports automatic signature updates. However, I don't
    > believe CheckPoint supports the creation of customized signatures like you
    > can do with say a NetScreen IDP appliance or IOS NBAR.
    >
    > --
    > Jason Kau
    > http://www.cnd.gatech.edu/~jkau
     
    Kerry, Jan 20, 2004
    #4