[c-nsp] Trouble in an ASA migration from CheckPoint

Marcelo Zilio ziliomarcelo at gmail.com
Mon May 11 10:56:33 EDT 2009


Hi Sham,

I've been working with Cisco Firewalls for the past four years and until now
they always worked well for me.

The old PIXes before version 7.x really leave to be desired, but the new ASA
have been greatly improved.

However I have to agree with you in some points (using a lot of public IPs
in this particular case).

To compare different brands its complicated. There will always be advantages
and disadvantages in using one or other.

Thanks and regards
Marcelo

2009/5/11 SHAM SHARMA <wisesham at gmail.com>

> Agree .. Cisco still has long way to go match with Checkpoint
>
> You will notice it as you will go with this transaction .... You will
> endup in using more public IP's ... finding lot of bugs ... helping
> Cisco not vice versa
>
> Sorry but tht's utter truth ...
>
> On 5/11/09, Rubens Kuhl <rubensk at gmail.com> wrote:
> > On Mon, May 11, 2009 at 10:11 AM, Marcelo Zilio <ziliomarcelo at gmail.com>
> wrote:
> > > Hi Rubens,
> > >
> > > Thanks for your response.
> > >
> > > I'm sorry, but I didn't understand what you meant...
> > >
> > > Remember IPs 200.1.1.1 and 190.1.1.1 are Internet address and I cannot
> > > control their DNS resolution.
> >
> > Yes we can! :-)
> >
> > http://www.oreillynet.com/pub/a/oreilly/networking/news/views_0501.html
> >
> > In effect, you would answer based on the IP address of the DNS
> > recursor and not the client itself, but if we are talking big /8s,
> > that usually has a strong correlation.
> >
> >
> > Rubens
>  > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>


More information about the cisco-nsp mailing list