Re: [fw-wiz] FW appliance comparison - Seeking input for the forum



Hi!

On Thu, Jan 26, 2006 at 12:29:14AM +0300, ArkanoiD wrote:

> (well, for PIXen I do not see a reason for them to exist at all, except
> "our network is Cisco-based" which does look valid for me. If you need a
> good packet filter, get a Netscreen)

But precisely this reason is the weakest of all - of course
most people only discover this after the sale ;-)

If you've done years of IOS configuration and maintenance
and then encounter a PIX for the first time, I predict very
bad effects on your blood pressure and your overall health.
Boy, are these devices stupid!

The "all of our products run IOS" mantra is a big marketing lie.
PIXen don't run IOS. Their command line interface mimics IOS
to some extent. But any IOS firewall feature set router can
do more things than a PIX (at least up to 6.3.something).

> And, after all, implicit rules are terrible so Checkpoint
> config is quite obscure.

Implicit NAT and implicit permit if you happen to use the
PIX Device Manager seem even worse to me.

OK, enough of this product-specific rant.

Regards,
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Vorholzstr. 25 Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


