RE: [fw-wiz] Comparisons between Router ACLs and Firewalls

From: Bill James (bubbagates_at_comcast.net)
Date: 01/03/04

    To: "'Marcus J. Ranum'" <mjr@ranum.com>, "'David Pick'" <d.m.pick@qmul.ac.uk>
    Date: Sat, 3 Jan 2004 17:56:43 -0500
    
    

    I guess what I am saying is it basically boils down to the hardware the
    said ACL and Firewall are running on.

     
    Bill James

    The objective of all dedicated employees should be to thoroughly analyze
    all situations, anticipate all problems prior to their occurrence, have
    answers for these problems, and move swiftly to solve these problems
    when called upon.

    However, when you are up to your ass in alligators it is difficult to
    remind yourself your initial objective was to drain the swamp.
     

    > -----Original Message-----
    > From: Marcus J. Ranum [mailto:mjr@ranum.com]
    > Sent: Saturday, January 03, 2004 5:42 PM
    > To: Bill James; 'David Pick'
    > Cc: firewall-wizards@honor.icsalabs.com
    > Subject: RE: [fw-wiz] Comparisons between Router ACLs and Firewalls
    >
    > Bill James wrote:
    > >The problem with using ACL's is the load they can add to a router. Most
    > >of Cisco's newer IOS' have IP Inspection and do OK but can add a
    > >tremendous load on the router.
    >
    > I've never found any good studies of ACL performance. Do you
    > have any references you can point us to?
    >
    > mjr.
    >
    >

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

