RE: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls

From: Paul Melson (psmelson_at_comcast.net)
Date: 05/19/05

    To: "'Paul D. Robertson'" <paul@compuwar.net>, "'Chris Byrd'" <cbyrd01@gmail.com>
    Date: Thu, 19 May 2005 10:25:11 -0400
    
    

    Cisco is marketing the ASA 5500 appliances as PIX, VPN Concentrator, Secure
    IDS, and network anti-virus in a single box. Which leads me to believe that
    it's either brand-centric marketing hype gone overboard (caveat emptor), or
    that there is some actual code convergence. If the latter is true - which
    is not so impossible, since only the VPN 3K code needed porting to x86, PIX
    and Secure IDS have been there forever - then that should make Chris'
    decision pretty easy. If it's a PIX plus other possibly irrelevant, or at
    least out of scope features, buy the PIX.

    I've not had any experience with the ASA 5500 appliances, but I've been
    elbow deep in several other 'converged' security devices. It is my NSHO
    that when you combine several products, none of which are best-of-breed,
    into a single box, what you end up with is a box that does a lot of things,
    but none of them well AND can't scale or handle big loads.

    PaulM

    -----Original Message-----
    Subject: Re: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls

    > What are your thoughts on the new ASA from Cisco? Would the
    > additional features (IPS, AV, integrated VPN, active-active failover)
    > be worth the risk of being on the cutting-edge? Has anyone on the
    > list worked with one yet?
    >

    The only time I'd ever deploy a new-to-the-market product was if I had time
    to evaluate it personally.

    Do the new features outweigh the risk of having an upset or, worse yet,
    unprotected client? Only you *and* the client can answer that. Their risk
    tolerance is probably the biggest piece of input you can have.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

