[c-nsp] PIX OS 7.0 and PIX520, supported?

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Wed Jan 26 10:55:50 EST 2005


joe,

gert's concept is point on, so i'd kinda throttle back a bit. 

as for hairpinning or rcv/xmt traffic in/out the same interface
is pretty lame, especially in light of the relatively low cost
of network cards today.

that said...

i'm trying to think of ANY commercially or open licensed firewalls
that do not know how to 'route' packets. 

none come to mind.

firewalls descend from early gateways whose sole function in
life was to route due to a enterprise policy or application
required decision.

todays asics and other hardware based firewalls and proxies 
notwithstanding, a firewall is SOFTWARE just as a ROUTER is
a machine, running specific SOFTWARE with which to communicate
with a kernel usually.


~!piranha

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Joe Maimon
Sent: Wednesday, January 26, 2005 2:53 AM
To: Chris Cappuccio
Cc: Brian Feeny; 'cisco-nsp'
Subject: Re: [c-nsp] PIX OS 7.0 and PIX520, supported?




Chris Cappuccio wrote:

>You mean forwarding a packet back out the same interface it was received on?
>
>Nope, ok, you have to buy a ROUTER for that.  It ROUTES packets, see.
>(Never mind the dynamic or static route options that the PIX provides,
>it's just a firewall, for christ's sake!) So, go ahead and buy a Cisco(R)
>ROUTER to put in front of your PIX.
>
A rant after my own heart

http://www.mail-archive.com/nanog@merit.edu/msg26545.html
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list