On Fri, Oct 29, 2010 at 3:37 PM, Chris Evans <[email protected]>wrote:
> If you have to have cisco you could use an asr1k. They support line rate > stateful firewalling and all routing protocols that you could think of. > After reading your comment on asr1k, I started reading and here is what Cisco marketing says; how good asr1k be in reality for fw is something different: "Up to 20 Gbps of Zone Based Firewall, Deep Packet Inspection, in-box stateful firewall failover for nonstop services, all firewall processing done in Cisco Quantum Flow Processor, Integrated threat control to prevent and defend against attacks." Mack On Oct 29, 2010 6:23 PM, "Dean Smith" <[email protected]> wrote: > >>I'm sure it doesn't. Routers are routers, firewalls are firewalls. > > > > So very narrow minded. In a large complex enterprise environment a few > > thousand routes delivered dynamically to a firewall robustly via BGP > would > > be a godsend - and perfectly matched to the Cisco treatment of "high" and > > "low" security interfaces. We too have had to go transparent for this > reason > > alone in many places but its not always possible. (Oh and when will we > get > > an HTTPS inspect on ASA/FWSM!) > > > > _______________________________________________ > > cisco-nsp mailing list [email protected] > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
