Re: [fw-wiz] Disecting the Cisco PIX
From: Michael C. Ibarra (ibarra@hawk.com)
Date: 07/30/02
- Next message: Noonan, Wesley: "RE: [fw-wiz] Disecting the Cisco PIX"
- Previous message: Evan Wagner: "Re: [fw-wiz] Disecting the Cisco PIX"
- In reply to: Art Mason: "[fw-wiz] Disecting the Cisco PIX"
- Next in thread: Noonan, Wesley: "RE: [fw-wiz] Disecting the Cisco PIX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Michael C. Ibarra" <ibarra@hawk.com> To: firewall-wizards@honor.icsalabs.com Date: Tue Jul 30 15:34:20 2002
I agree, but not just anyone can do what you propose, which is
why it is a commercial product. I've recently been toying with
OpenBSD/IPfilter/altq/etc on compact flash, and it doesn't even
have to be a 2U, 1U's are fine. By the way, earlier verions of
the PIX'es used to give off the beep sequence that x86 boxes give
off for missing keyboards, so yeah, they are x86 boxes. What
would make your idea cool would be to use the mini-httpd engine
to allow for configuration changes, c'mon now don't puke even
this sort of setup can be hardened.
-mike
Michael C. Ibarra
Hawk Technologies, Inc
http://www.hawk.com
800.hawk.com
Quoting Art Mason <a.c.mason@sbcglobal.net>:
> Out of curiosity, has anyone here ever cracked open any of the Cisco PIX
> series firewalls chassis? From what I've gathered by reading up on
> their product information and by what people have said about them in
> various mailing lists and newsgroups, they are actually built on an x86
> hardware platform w/ a Celeron 300MHz (PIX 506E) to Pentium III 1.0GHz
> (PIX 535) CPU and anywhere from 32MB to 1GB RAM . I understand the
> storage media to be compact flash (4-16MB capacity) and on the low-end
> models w/ 10Mb throughput, they actually use an ISA NIC in the chassis.
> I've also read that the PIX doesn't support local logging (everything
> needs to be redirected to a syslog server). Can anyone confirm any of
> this? If so, why couldn't one just throw OpenBSD onto some flash media,
> drop a couple of Intel Pro100+ dual-port NICs in a 2U rackmount case,
> maybe offload some of the VPN stuff onto an ASIC-based encryption
> acceleration card, and save some big bucks, granted they know how to set
> up PF from the CLI? This is just something I've been wondering about
> for a while, and was curious as to what others in the know had to say
> about it. Thanks in advance.
>
> Art Mason
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
--------------------------------------------------
- Next message: Noonan, Wesley: "RE: [fw-wiz] Disecting the Cisco PIX"
- Previous message: Evan Wagner: "Re: [fw-wiz] Disecting the Cisco PIX"
- In reply to: Art Mason: "[fw-wiz] Disecting the Cisco PIX"
- Next in thread: Noonan, Wesley: "RE: [fw-wiz] Disecting the Cisco PIX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
