Re: [nsp] Cisco PIX feedback request

From: Charles Sprickman (spork@inch.com)
Date: Mon Jan 08 2001 - 01:45:09 EST


On Fri, 5 Jan 2001, Andrew wrote:

> In regards to your idea of placing a quad card in your FreeBSD box; the
> firewall is only as secure as the OS it's running on. (Not to knock fbsd I
> use it daily.)

FYI, we had an older Ipsilon/Nokia IP400 w/Firewall-1. A number of pieces
of evidence showed that the box was running FreeBSD with FW-1 bundled as
an LKM.

Just a random data point.

Curious what the underlying OS on the PIX started life as...

Charles

> Regarding upgrading the PIX OS via floppy: This is a VERY secure way of
> upgrading software for the PIX. Having to physically touch the PIX as
> opposed to just doing an FTP or TFTP load is better IMHO (where a secure
> firewall is concerned.)
>
> My $.02
>
> At 10:31 PM 1/4/01 -0500, Christopher Neill wrote:
> >On Thu, Jan 04, 2001 at 03:57:11PM -0800, Karyn Ulriksen wrote:
> > > Hey all...
> > >
> > > I'm looking at Cisco Pix 535/525 as a firewall solution and was looking
> > > for some feedback on things to look for in evaluating the system and any
> > > experience with the product. Please feel free to contact me offline at
> > > kulriksen@publichost.com.
> >
> >Here's my opinion.. Cisco PIX is a piece of garbage. It's slow and unwieldy,
> >the way it's put together leaves a lot to be desired. I'll get into more
> >specifics when TAC can tell me why I get stalled transfers from interface to
> >interface. I've had problems with failover in some cases as well. The defaults
> >are, of course, idiotic. The "fixups" immediately broke my SMTP AUTH on
> >sendmail. One code revision of the OS -- 5.1(1) -- broke every 48-72 hours
> >until I updated it. With a floppy, for chrissake!..
> >
> >I'm told the Nokia Checkpoint system is the top of the line but I haven't had
> >a chance to check it out. I am very disappointed with the quality of PIX. I
> >could put together a FreeBSD with some quad cards and end up with the same
> >thing but easier to manage.
> >
> >--
> >$Id: .sig,v 1.39 2000/11/21 06:58:32 noise Exp $
> >otopico: fuq 'puree' and 'chop'
> >und1sk0: puree and chop is for pussies without knive skills
>


