don't skip over thingz!!!

make sure folks understand that they can't do this using CatOS and that they gotta pay more for the x-bar setup and that they really need the 256 MB CARD

what lunacy .... the layer 3 router on the 65xx ...SWITCH... has enough to DO just routing - sandwich the firewall with 6509s with the xbar and dual nic the firewall and you'll be fine...

piranha...

> From: "Glenn Shiffer" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: RE: Using Cisco IOS firewall feature set
> Date: Thu, 17 Jan 2002 21:10:31 -0500
>
> The 65xx series Cat is well capable of handling IOS Firewall, even on a
> single Sup configuration, which obviously, is your config, as you are
> using MLS which requires the MSFC in the slot where a second Sup could
> otherwise go.
>
> CBAC will cut down on performance, not significantly at CPU levels below
> 60%, but can cause sluggishness above that.
>
> One thing more, keep the management functions of your network out of
> band, both for security and accessibility reasons.
>
> Glenn
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Appelboom
> Sent: Wednesday, January 16, 2002 2:15 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Using Cisco IOS firewall feature set
>
> I am looking at complementing our FW-1's with switches installed with
> the Cisco IOS firewall feature set.
>
> I would like to implement this on 6500 switches also using layer 3
> switching so inspection can be done on switches and not on fw nic.
> We primarily would like to reduce unnecessary internal to internal
> traffic.
>
> We will use the Cisco Policy Manager version 3 which appears to be
> similar to the FW-1 GUI and not command line.
>
> There doesn't appear to be many people using the IOS firewall feature
> set and it appears quite apt and manageable.
> I am aware of the TCP\UDP only inspection limitation of CBAC.
>
> Has anyone used the IOS firewall in production and can give advice?
> Are there any performance comparisons?
>
> Regards
> Eric
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
