Re: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls

From: ArkanoiD (ark_at_eltex.net)
Date: 05/20/05

    To: Paul Melson <psmelson@comcast.net>
    Date: Fri, 20 May 2005 19:03:27 +0400
    
    

    nuqneH,

    From what I know from looking at PIXen inside and outside, the IDS module is
    packet-capture based and is not really integrated with the firewall state
    engine and TCP reconstruction. Don't know if things have changed recently.
    (I think it is a shame to market such a thing, but Cisco is a big player, so
    who cares?)

    On Thu, May 19, 2005 at 10:25:11AM -0400, Paul Melson wrote:
    > Cisco is marketing the ASA 5500 appliances as PIX, VPN Concentrator, Secure
    > IDS, and network anti-virus in a single box. Which leads me to believe that
    > it's either brand-centric marketing hype gone overboard (caveat emptor), or
    > that there is some actual code convergence. If the latter is true - which
    > is not so impossible, since only the VPN 3K code needed porting to x86, PIX
    > and Secure IDS have been there forever - then that should make Chris'
    > decision pretty easy. If it's a PIX plus other possibly irrelevant, or at
    > least out of scope features, buy the PIX.
    >
    > I've not had any experience with the ASA 5500 appliances, but I've been
    > elbow deep in several other 'converged' security devices. It is my NSHO
    > that when you combine several products, none of which are best-of-breed,
    > into a single box, what you end up with is a box that does a lot of things,
    > but none of them well AND can't scale or handle big loads.
    >
    > PaulM
    >
    > -----Original Message-----
    > Subject: Re: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls
    >
    > > What are your thoughts on the new ASA from Cisco? Would the
    > > additional features (IPS, AV, integrated VPN, active-active failover)
    > > be worth the risk of being on the cutting-edge? Has anyone on the
    > > list worked with one yet?
    > >
    >
    > The only time I'd ever deploy a new-to-the-market product was if I had time
    > to evaluate it personally.
    >
    >
    > Do the new features outweigh the risk of having an upset or worse yet-
    > unprotected client? Only you *and* the client can answer that. Their risk
    > tolerance is probably the biggest piece of input you can have.
    >
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


