RE: [fw-wiz] Comparisons between Router ACLs and Firewalls

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 01/03/04

  • Next message: Bill James: "RE: [fw-wiz] Comparisons between Router ACLs and Firewalls"
    To: "Bill James" <bubbagates@comcast.net>, "'David Pick'" <d.m.pick@qmul.ac.uk>
    Date: Sat, 03 Jan 2004 17:42:24 -0500
    
    

    Bill James wrote:
    >The problem with using ACL's is the load they can add to a router. Most
    >of Cisco's newer IOS' have IP Inspection and do OK but can add a
    >tremendous load on the router.

    I've never found any good studies of ACL performance. Do you have any
    references you can point us to?

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Bill James: "RE: [fw-wiz] Comparisons between Router ACLs and Firewalls"

    Relevant Pages

    • Re: How Secure Is Too Secure?
      ... The trick is to load it up so much that the browser won't load any ... they can get a message back that port 12345 is closed....big deal. ... goes to the router, not my computers. ... Watch for holes, it's free! ...
      (comp.security.firewalls)
    • Re: How Secure Is Too Secure?
      ... The trick is to load it up so much that the browser won't load any ... they can get a message back that port 12345 is closed....big deal. ... goes to the router, not my computers. ... Watch for holes, it's free! ...
      (comp.security.firewalls)
    • Re: Microsoft websites are inaccessible
      ... can not get well formed pages to load at msdn2.microsoft.com nor can I ... When did my firewall learn to discriminate? ... msdn2 using the search results... ... the router. ...
      (comp.security.firewalls)
    • Re: Cisco 2651XM high cpu usage 12.4(25b)IPBASEK9
      ... I tried removing NAT and routing all the traffic to another router, ... gained a lot of CPU load, the issue should be the WIC slot's BUS that is ... driving a lot of CPU. ... If you want PBR to handle a significant load, ...
      (comp.dcom.sys.cisco)
    • Re: Microsoft websites are inaccessible
      ... I can not get well formed pages to load at msdn2.microsoft.com nor can I ... When did my firewall learn to discriminate? ... ProSafe VPN) but the Road Runner ISP requires dynamic DNS to be selected ... on the router. ...
      (comp.security.firewalls)