Date: Fri, 23 Apr 1999 10:46:09 +0530
> From: pdmallya <[EMAIL PROTECTED]>
> Subject: RE: Cisco IOS
>
> Hi,
> Cisco has software which runs on its routers which they call the
> Firewalling
> Feature Set. Has anyone on this list had any experience using it, or
> evaluated it?
> Regards
> Prabhakar D. Mallya
>
>
You're referring to the Cisco IOS Firewall Feature set, which provides a
stateful inspection Packet filter for about a dozen protocols, some good and
some not so... Is just an additional feature set to allow CBAC (Context
based Access Control - this is Stateful Inspection for us non-marketing
types) on lower level Ciscos ( I think 1600s and 2500s for now, may be
moving up to larger platforms). All the normal stuff is still allowed, so
the "Firewall" router can also do NAT, normal ACLs, Cisco Lock-and-Key
(strong password authentication like SecurID), etc.
I've used it at a client site to secure 3rd party business partner links,
typically where there is a contractual agreement in place as well.
An excerpt from a doc at
http://www.cisco.com/warp/public/732/net_foundation/firew_wp.htm giving
some overview
If a protocol is configured for CBAC, its traffic is inspected, state
information maintained, and, in general, return packets are permitted
through the firewall if they belong to a valid existing session. See a
complete list of CBAC-supported protocols in Appendix A. Following is a
partial list of common applications and protocols:
* FTP
* SMTP
* H.323 (such as NetMeeting or ProShare)
* Java
* Trivial File Transfer Protocol (TFTP)
* UNIX r-commands (such as remote login [r-login], remote exec
[r-exec], and remote shell protocol [r-sh])
* RealAudio
* Sun RPC (not DCE RPC; not Microsoft RPC)
* The WhitePine version of CU-SeeMe
* SQL*Net
* StreamWorks
* VDOLive
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
