On Wed, Mar 03, 1999 at 04:58:10PM -0500, Paul Gracy wrote:
>  Actually, I would be extremely surprised if Cisco discontinued PIX.  
> 
> PIX has several advantages over a router used as a firewall.  
> Routers by default let all packets through, PIX default lets nothing
> through.  

Hmm - that's not really an issue. If you are using IP/Firewall, you will be
using ACLs, and the "fall-off" default ACL is DENY.

> PIX has an encryption card that can be added for both site to site and
> client to site encryption stuff.

?? Does it? As far as I was aware, Cisco is still working on that... (or am
I confusing this with their VPN card offering?).

> PIX's OS is designed to severely limit stupidity.  It doesn't speak ospf,
> bgp, etc. It does not actively participate in RIP, although it can listen.

configurable.. 

> You can't telnet to it from outside the firewall.  You can't telnet from
> inside until you specify who can and who can't (by IP address). You can't
> telnet from it (I thought that was interesting.).
> PIX has some application level stuff, see the 'fixup protocol smtp' command.
> The routers AFAIK do not. 
> etc.

configurable with IP/Firewall - including the SMTP stuff.

The only thing PIX has going for it is that it can be configured and
installed by someone who doesn't know what they are doing... (I doubt that
statement applies to anyone on this list!).

"Ohhh, pretty GUI interface!!!" ;-)

[sorry, feeling severely anti "gui-philosophy" at the moment...]

-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417