At 15:55 06/07/00 +0200, Mikael Olsson wrote:
>James Wilson wrote:
> >
> > Isn't the difference between it being a hardware and a software
> > solution whether or not the firewall operations take place in ASICs?
>
>That used to be the definition until the marketing guys put the
>spin on their products. As I said, these days, "hardware firewall"
>tends to mean pre-packaged PC+software. Those that actually use ASICs
>tend to stress that point heavily in their marketing material to
>make people understand that it's the "real thing".
I agree with your convention. Since "everybody" uses the word in some
sense, let's "be smarter" and use the same sense. Otherwise, we'll end up
with recurrent questions/answers where people don't talk about the same
thing.
Moreover (I think you said it in a previous message), there is no point in
developing a real hardware firewall. Unlike a microwave oven, a firewall is
only a best-effort solution, and thus needs to be updated periodically.
So, let's use the word as marketers...
> > Also, I was told in the past that the PIX operating system is based on
> > Unix - is this correct?
>
>I wouldn't be in the least surprised if it's based on a hardened
>NetBSD -- I know of several others that are. I don't know for sure
>though, so don't take my word for it.
As far as I know, IOS doesn't handle protocols above IP
(this may be a feature of new or next versions, though).
But a firewall generally needs to handle at least TCP, and a serious one
should handle TCP sessions. So, these would require a large rewrite of the
"traditional" IOS. The PIX, __to the best of my knowledge__, is a "two
boxes in one", a router and a PC. Correct me if I'm wrong.
as this requires more buffering and state management