Hi,
The FWSM works really at high bandwidth rates and integrates quite
well into a Catalyst (no cabling, your choice of being in front of
MSFC or behind, etc.) as long as you do not exceed limits on ACEs, see http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/specs.html#wpxref93963
- in very high security (or pedantic ;-)) environment it can happen
quite soon.
On Mar 26, 2008, at 15:25, Fred Reimer wrote:
The FWSM isn't a half-assed ASA. It is a firewall-only module. It
doesn't
have the VPN capabilities of the ASA, obviously does not have
modules you
can add like an IPS or CSC, and is strictly a firewall. It also
lags behind
in features; you'll notice that the FWSM is one or two features
"behind" an
ASA. I have no doubt you'll be impressed with the next major rev
when it
comes out though. So I wouldn't call the FWSM a half-assed ASA,
meaning it
wanted to be like an ASA but couldn't quite hack it. Rather, it
tries to
fit into a different role, and does quite well at it.
Thanks,
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christian
Sent: Tuesday, March 25, 2008 5:24 PM
To: Raul Lopez Nevot
Cc: [email protected]
Subject: Re: [c-nsp] FWSM - No Traceroute
traceroute is in ASA though...
/act# traceroute ?
Hostname or A.B.C.D Trace route to IPv4 address or hostname
/act# traceroute
and FWSM is like a half-ass ASA..thats why i am curious what exactly
is the
technical reason that there isnt a traceroute command
On Tue, Mar 25, 2008 at 5:12 PM, Raul Lopez Nevot
<[EMAIL PROTECTED]> wrote:
On Tue, Mar 25, 2008 at 8:17 PM, Christian <[EMAIL PROTECTED]>
wrote:
yeah why is there no traceroute command, sorrry not being clearer
This question only can be answered by cisco people, but I live with
cisco
PIX (so then ASA and FWSM, we have a few) since version 4.4 and
never was
this command there.
Since the PIX is not native from cisco (its OS, named Finesse, was
from
another company, Network Translation I think it was), and is not
IOS-powered, sure the former did not implement this command and
nobody at
Cisco did.
By the way, and sorry for the very BIG off-topic, do anybody know
the name
of Cisco Engineer that converted a PIX into FWSM? They told me this
engineer
is from Sabadell (Barcelona/Spain), and I'm from there, and it
would be
nice
to meet him!
Sorry again for the OT.
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
HTH
Kaj
--
Kaj J. Niemi
<[EMAIL PROTECTED]>
+358 45 63 12000
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
