[c-nsp] 6500 with IOS Firewall - Any experiences?

Gustavo Novais gustavo.novais at novabase.pt
Tue Jun 5 18:45:08 EDT 2007


I've only raised this thread exactly because it is painful to me, that someone even considers only using sup720 for L2 Switching. If they have money to spend, they should spend it wisely, but... unfortunately, given what has been said here, IOS FW on sup720 is not a good choice, either because of lack of features comparing to PIX, or GUI management.

I wonder why Cisco is still supporting it on sup720, since marketing wise they are all about FWSM/ASA nowadays.

Personally, I'd put a sup32 with FWSM, but pre-sales people only consulted us technicians, after the order has been placed...

Thank you all for your input

Gustavo Novais

 


-----Original Message-----
From: Kevin Graham [mailto:mahargk at gmail.com] 
Sent: terça-feira, 5 de Junho de 2007 23:28
To: Gustavo Novais
Cc: Brian Stiff (bstiff); cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 6500 with IOS Firewall - Any experiences?

On 6/5/07, Gustavo Novais <gustavo.novais at novabase.pt> wrote:

> I'll suggest him to continue using its current pix525 cluster,

If they want to give the IOS Firewall a shot though for what a
dual-720 is going to cost, putting in a pair of 2821 or 2851 SEC-K9
bundle's with SDM shouldn't be too painful.

> Do you know if the sup32-PISA brings any improvement on the IOS firewall area?

Given the additional CPU, performance would be helped, but you're
still stuck on a 6500 release train so it still going to suffer long
term. Keeping FW features up to date in 12.4T is hard enough (ie. I
don't believe current releases of any of the IM clients now are
compatible w/ the appfw IM code).


More information about the cisco-nsp mailing list