Re: [fw-wiz] is the ASA a true hardware solution?





On May 5, 2011, at 1:11 PM, Greg Whynott <Greg.Whynott@xxxxxxxxxx> wrote:


in the context of the never ending debates related to software/hardware firewalls...


i was looking inside of our newest 5580, it appears to be a standard HP server box (DL585) with a hardware encryption accelerator option card inserted into a pci slot. everything else appears to be verbatim to what you would receive from HP if you ordered their high end x86 server box.

should one not have any sort of encryption needs, would this box considered a software firewall? I couldn't find one custom asic, module or other chip with a cisco brand stamp on it, beyond the flash.


thanks!

-g

I can remember 10 years ago building a frankenPIX out of a PPro desktop, some Intel NICs, and the flash card spare from a Cisco PIX 520. It ran 6.1 beautifully and thought it was a PIX 515E. So, yes, it is and probably always has been possible to run PIX OS on non-Cisco hardware.

But since Cisco doesn't offer it that way, or support it that way, it's fair to refer to it as a hardware firewall. Unless you want to dissect the broader topic of where hardware ends and software begins. In which case, this is the one true hardware firewall:

http://www.ranum.com/security/computer_security/papers/a1-firewall/

PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards