Re: [nsp] Cisco PIX feedback request

From: Andrew (arousch@home.com)
Date: Fri Jan 05 2001 - 18:38:21 EST


Overall, the PIX is a good piece of hardware. It's a dedicated
firewall. I've been using PIX since Cisco bought the box and rarely
have had problems. The few I have had were config errors or software
issues. I have not, however, used the 515 (the 1U box); I have used the
520s and classics (for years).

In regards to your idea of placing a quad card in your FreeBSD box: the
firewall is only as secure as the OS it's running on. (Not to knock fbsd; I
use it daily.)

Regarding upgrading the PIX OS via floppy: This is a VERY secure way of
upgrading software for the PIX. Having to physically touch the PIX as
opposed to just doing an FTP or TFTP load is better IMHO (where a secure
firewall is concerned.)

My $.02

At 10:31 PM 1/4/01 -0500, Christopher Neill wrote:
>On Thu, Jan 04, 2001 at 03:57:11PM -0800, Karyn Ulriksen wrote:
> > Hey all...
> >
> > I'm looking at Cisco Pix 535/525 as a firewall solution and was looking
> > for some feedback on things to look for in evaluating the system and any
> > experience with the product. Please feel free to contact me offline at
> > kulriksen@publichost.com.
>
>Here's my opinion.. Cisco PIX is a piece of garbage. It's slow and unwieldy,
>the way it's put together leaves a lot to be desired. I'll get into more
>specifics when TAC can tell me why I get stalled transfers from interface to
>interface. I've had problems with failover in some cases as well. The defaults
>are, of course, idiotic. The "fixups" immediately broke my SMTP AUTH on
>sendmail. One code revision of the OS -- 5.1(1) -- broke every 48-72 hours
>until I updated it. With a floppy, for chrissake!..
>
>I'm told the Nokia Checkpoint system is the top of the line but I haven't had
>a chance to check it out. I am very disappointed with the quality of PIX. I
>could put together a FreeBSD with some quad cards and end up with the same
>thing but easier to manage.
>
>--
>$Id: .sig,v 1.39 2000/11/21 06:58:32 noise Exp $
>otopico: fuq 'puree' and 'chop'
>und1sk0: puree and chop is for pussies without knive skills



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:24 EDT