David,
I have a question, as I understand that Checkpoint is
a software based firewall, right?
And it is faster than PIX, which makes me think that
software based firewalls sometimes can be faster than
hareware based ones, is that right?
Thanks
Kent
--- David <[EMAIL PROTECTED]> wrote:
> well, simply blocking traffic from outdoors and
> using NAT is usually OK
> for a SOHO or regular user, but in general access
> lists ARE NOT A
> FIREWALL. They don't keep status of connections and
> do any realtime
> inspection of traffic looking for more then just
> IP/TCP/UDP
> information. A stateful firewall keeps an active
> table of all
> connections and can do a lot more then just deny
> traffic on basic things
> in the layer 3/4 header. If you really want to
> protect a network don't
> just use access lists.
>
> In larger environments, one of the big factors to
> address is
> performance. If you're sitting behind a T-1 with 40
> to 50 average users
> and a server or two, this may not be a big deal.
> Any decent software
> based firewall or small hardware-based solution
> should be fine. But if
> you're sitting behind a network with hundreds of
> users, hundreds of
> servers, and pushing 50+ Mb/s of traffic out
> multiple DS-3's, you better
>
> A. Make sure you segment your network and use
> multiple firewalls.
> B. Use a fast hardware based solution.
>
>
> Some of the bigger firewall platforms out there are
> Checkpoint's
> Firewall-1, Cisco PIX, and my current favorite,
> Netscreen. I'm not sure
> about netscreen's site right now, but Cisco and
> Checkpoint should have
> some basic firewall/security documentation out there
> about firewalls.
> There are plenty of good books on firewalls out
> there as well as things
> on the Internet, but I haven't searched.
>
>
> David
>
>
> Sammi wrote:
> >
> > Hi all,
> > In pursuit of a network position I'm often queried
> as to my knowledge
> > of firewalls. During my Cisco studies I haven't
> seen much mentioned on
> > the subject, though I have deduced (correctly?)
> that access lists can
> > effectively be used as a firewall. What are the
> leading industry
> > firewall applications and how do they interact
> with Cisco products?
> > Realizing perspectives are much different on an
> enterprise level than
> > the home network level, is there much difference
> in principle between
> > firewalls the home user might employ (blackice,
> @guard, etc.) and that
> > used on the larger scale? Any recommendations as
> to links,
> > documentation?
> >
> > As always, my thanks for your advice.
> >
> > ___________________________________
> > UPDATED Posting Guidelines:
> http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
>
> ___________________________________
> UPDATED Posting Guidelines:
> http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Send instant messages with Yahoo! Messenger.
http://im.yahoo.com/
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
