Re: [fw-wiz] Firewalls that generate new packets..



You're right that there has been a great deal of convergence and feature
parity development between PIX/ASA and the IOS and CatOS Firewalls.
This, again, is "on purpose." It's part of Cisco's position that
security and risk reduction are better when the disparate parts of your
security and network solutions work together.

A plan in progress (and yes, I've been here for ten years and am pretty
sure we have had, and continue to have, a strategy) means that at any
moment in time you are only going to see what's available then. That's
why the positioning and messaging evolves over time. At one time, we had
two distinct solutions (later, three with the CatOS FWSM.) As the
firewall market matured and as we were able to add additional
intelligence into both the network and our security solutions, there was
a planned convergence between the various solutions, with the end game
being that any customer could select the solution (or more often,
combination of solutions) that was right for their organization, and
still have the same level of security combined with flexibility and
interoperability.

It's not quite the same thing, IMO, as just managing to not "screw it
up."

-----Original Message-----
From: Paul D. Robertson [mailto:paul@xxxxxxxxxxxx]
Sent: Monday, November 26, 2007 8:14 AM
To: Chris Blask
Cc: Firewall Wizards Security Mailing List; Paul Melson; Bill McGee (bam)
Subject: Re: [fw-wiz] Firewalls that generate new packets..

On Sun, 25 Nov 2007, Chris Blask wrote:

> technical and marketing aspects of such things. It is
> therefore also quite defensibly true what Bill said: <sic>
> "That is on purpose".

This is the part I have serious troubles with- "on purpose" implies that
it was a pre-planned, thought-out event, not that you just didn't screw
it up by not doing anything[1]. The code bases _started out differently_
for no reason other than the fact that the products were from different
companies, on two different platforms. To paint that fact as if it were
some sort of strategic plan does the readers of this list a disservice.

> PS - Paul R, my posts seem to again not be making the list,

The list is still moderated, it takes the moderator some time to get
through the queue...

Paul
[1] From what I recall when Cisco was repeatedly trying to get me to buy
in to the fact that PIX should be on my list of approved firewalls at
Gannett, one of the points they kept trying to make was that PIX was
getting more IOS features to make it easier for folks to deal with a
single interface- so it would seem to me that even the keeping them
apart wasn't necessarily a planned event.
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul@xxxxxxxxxxxx      which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


