Greetings!
clavallee wrote:
> Does anyone know of a tool or easy way to migrate from a raptor to a PIX
> firewall?
There is none - can't be, as the two are fundamentally different.
Simplifying now:
Raptor is a proxy firewall:
- rule selection is "best fit"
- no NAT, but "transparent", "masquerade" and "service redirect"
handling of IP addresses
Pix is a packet filter:
- rule selection is "first fit"
- NAT with ("none",) "hide" and "static"
Best you should analyze your business need (thoroughly) and build a pix
ruleset FROM SCRATCH, i.e. without even looking at the Raptor rules.
IRL (In Real Life) the business needs often are not formulated or even
documented, so one has to "reverse-engineer" them from the existing FW
ruleset. And there are tools to help with, e.g. the ReadConfig perl
script (http://www.wyae.de/software/fwtools.html), maybe the Raptor2Ckp
script too.
Qapla'
Volker
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
