[c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)
nick.nauwelaerts at thomson.com
nick.nauwelaerts at thomson.com
Fri Apr 4 14:46:27 EDT 2008
________________________________
Van: Yaroslav Doroshenko [mailto:yard at mtu.ru]
Verzonden: vr 4/4/2008 8:37
Aan: Nauwelaerts, Nick (TCM)
CC: robbie.jacka at regions.com; cisco-nsp-bounces at puck.nether.net; cisco-nsp at puck.nether.net
Onderwerp: Re: [c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)
I believe dropping is also preferable if you need more performance and
bandwidth capacity although I'm not sure sending RST cost CPU time on
ASA platform.
Correct, each packet you schedule takes up a certain amount of bandwidth & cpu resources, though it'll be comparably small. Still that bandwidth & cpu power will most likely be cheaper than the additional troubleshooting complexity you get by dropping.
But as the introductary poster already stated, everyone has their own idea about this subject. I'm with the reject crew, that's the way tcp is meant to work.
// nick
More information about the cisco-nsp
mailing list