[fw-wiz] Re: Home Environment Cisco

From: Brian Ford (brford_at_cisco.com)
Date: 05/31/03

  • Next message: Brian Ford: "Re: [fw-wiz] pix and syslog" 
    To: <nathan.grandbois@cerdant.com>
Date: Sat, 31 May 2003 07:56:03 -0400

    Nathan,

    See in line:

    At 11:35 AM 5/30/2003 -0400, firewall-wizards-request@honor.icsalabs.com wrote:
    >Reply-To: <nathan.grandbois@cerdant.com>
    >From: "Nathan" <nathan.grandbois@cerdant.com>
    >To: <salgak@speakeasy.net>, <firewall-wizards@honor.icsalabs.com>
    >Subject: RE: [fw-wiz] Home Environment Cisco
    >Date: Thu, 29 May 2003 15:57:23 -0400
    >
    >But won't I be able to create an ACL based on ports in the IOS?
    >I can harden the systems/services if I can just restrict ports, I don't need
    >a firewall if I can do that.

    The IOS Firewall is a stateful Firewall. You'll also have standard (IPs)
    and extended ACLs (IPS and ports), and CBAC (Content Based Access Control
    which opens new ACLs based on Firewall rules). And there are other ACLs
    (named, time of day, per user, etc,...)

    >About how much are support contracts from Cisco? And if I get one does that
    >only include the firmware, or do I get to bother a low level tech on the
    >phone too?

    You get support from Cisco for up to 30 days with the purchase (hardware
    and software). SmartNet (support) contracts vary in price based on the
    turn around time for replacement equipment. They all include phone
    support. If your site can be down for a day or two waiting for a
    replacement then go for a less expensive contract. We also have
    additional software support contracts that send you new IOS code for your
    device as it becomes available. This is probably unnecessary for your home
    use application.

    >_nathan

    Liberty for All,

    Brian

    Brian Ford
    Consulting Engineer
    Corporate Consulting Engineering, Office of the Chief Technology Officer
    Cisco Systems, Inc.
    http://www.cisco.com
    e-mail: brford@cisco.com

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Brian Ford: "Re: [fw-wiz] pix and syslog"

    Relevant Pages

    • Re: 2 ports broken after gcc import
      ... > My machine that was showing the problem didn't have a firewall enabled. ... if the ACLs flag is set on a file system. ...
      (freebsd-current)
    • Re: [fw-wiz] Cisco 2621 opinions
      ... I simply meant that the more ACLs you apply, ... the ios qos features work best with slower lines like BRIs. ... > Ethernet to Ethernet connection you could look at the 2651 or the 3600s. ... With CBAC and extensive lists, this could go down to 1.5mpbs. ...
      (Firewall-Wizards)
    • Re: [fw-wiz] Host based vs network firewall in datacenter
      ... >>No matter what kind of network you have, you need at least one firewall ... basic ACLs to filter junk traffic. ... >>hardware ... >>the hardware firewall skips into the internal network. ...
      (Firewall-Wizards)
    • Re: Cisco Router security basics and ASA firewall rules
      ... an edge router or internal router which stands in front of an ASA firewall. ... ACLs on the router and have all ACLs happening at the firewall. ...
      (Security-Basics)
    • Re: [fw-wiz] Host based vs network firewall in datacenter
      ... > Having a datacenter without a fast firewall at the border, ... > hardware ... > need it (because expensive ones can handle smarter ACLs and keep state ... > cut down packets which the hardware firewall missed. ...
      (Firewall-Wizards)