[c-nsp] BGP support on the new ASA5585-X
Mack O'Brian
mackobrian40 at gmail.com
Sat Oct 30 02:08:13 EDT 2010
On Fri, Oct 29, 2010 at 3:37 PM, Chris Evans <chrisccnpspam2 at gmail.com>wrote:
> If you have to have cisco you could use an asr1k. They support line rate
> stateful firewalling and all routing protocols that you could think of.
>
After reading your comment on asr1k, I started reading and here is what
Cisco marketing says; how good asr1k be in reality for fw is something
different:
"Up to 20 Gbps of Zone Based Firewall, Deep Packet Inspection, in-box
stateful firewall failover for nonstop services, all firewall processing
done in Cisco Quantum Flow Processor, Integrated threat control to prevent
and defend against attacks."
Mack
On Oct 29, 2010 6:23 PM, "Dean Smith" <dean at eatworms.org.uk> wrote:
> >>I'm sure it doesn't. Routers are routers, firewalls are firewalls.
> >
> > So very narrow minded. In a large complex enterprise environment a few
> > thousand routes delivered dynamically to a firewall robustly via BGP
> would
> > be a godsend - and perfectly matched to the Cisco treatment of "high" and
> > "low" security interfaces. We too have had to go transparent for this
> reason
> > alone in many places but its not always possible. (Oh and when will we
> get
> > an HTTPS inspect on ASA/FWSM!)
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list