RE: [nsp] Cat 6500... what is really possible together...

From: KF (kf@reign.sk)
Date: Mon Feb 11 2002 - 05:44:28 EST


> > - am I able to secure load balanced VLANS against DoS/viruses ..etc?
>
> "Secure" them in what way? If you need a firewall, buy a firewall.
>
> S
>
Secure them as in a DMZ, without any IDS features or larger logging.... I need a unified environment for servers... not to buy and manage
X firewalls... speaking about SERVERS... 300+
I want something like what is implemented in the CSS 11K (pasted from CSS documentation):

DoS attack prevention—Cisco CSS Web switches validate every session flow at initial flow setup time and eliminate all
connection-based DoS attacks and other attempted malicious or abnormal connections, with no impact on the performance of the Cisco
CSS Web switch.
FlowWall security—Cisco CSS Web switches provide firewall services including high-speed access control lists (ACLs) that block
particular content requests by IP address, TCP port, host tag, complete URL, or file type.

Not more... The Cat has a PFC2.. so I thought it's possible to do ACLs in hardware (but it depends, if implemented in conjunction with NBAR (could it
be done in hardware?))..... Of course it should be able to defend against basic well-known attacks like SYN flood.. (TCP intercept?)....

I'm looking (and I think others are already too..) for an environment where all these features are present in one box with one
management... with redundancy... Why should I implement a physical firewall... we are speaking about an ISP's environment.., not a
customer who wants to have 5 servers on the net...

Alex



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:32 EDT