Hi Pauk Can i ask what you were doing that a pix could not handle nat wise ? just wondering since I have done very extensive and complex nat'ing in pix'es from 506's up to 535's without any performance problems.
Jan -----Original Message----- From: Paul Schmehl [mailto:[EMAIL PROTECTED] Sent: 28. september 2005 17:49 To: [email protected] Subject: Re: [Full-disclosure] Suggestion for IDS --On Wednesday, September 28, 2005 11:37:38 -0400 [EMAIL PROTECTED] wrote: > On Wed, 28 Sep 2005 07:01:34 EDT, "J. Oquendo" said: > >> While I do agree with the statement made "Quite frankly, anybody who >> already has a PIX installed and wants to install an IPS needs to quantify >> *exactly* what protection the PIX is failing to provide before they go >> shopping for anything" to a degree, I also disagree with that statement >> since it eludes to the thinking that solely a PIX will save your ass. It >> won't, nor will any other firewall, nor will any other product combined >> with any OTHER product and so on. > > Obviously, the original poster isn't thinking that a PIX will save their > ass, because they're in the market for something in addition :) > > They should be figuring out *why* they need more protection (quite > frankly, for many places, a *properly configured and maintained* PIX is > quite sufficient), Not only was the PIX (for us) not sufficient, it wasn't robust enough. We're ditching our PIXes for OpenBSD and pf. If you NAT a lot, PIX can't handle the load. It also isn't flexible enough. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
