I have tried to use ConfigMaker and it is not as easy as they pretend it to
be.
For one thing it does not work well on a router that already has a
configuration on it. I guess if you use it to do the whole config it may
work OK. - You have to 'draw' your whole network diagram etc before you can
run the security wizard.
Also I could never get it to support an ISDN fallback to a FrameRelay
connection although the help refers to this capability. (Version 2.1 is much
better than the other(older) version)
Perhaps I should add that I knew absolutely nothing about Cisco before I
tried to install this Firewall the first time, but the only reason I even
bought the firewall is because Cisco made it sound so easy on their website.
In the end I managed it by using ConfigMaker to generate the config commands
and then manually entering/adding them into the router config.
Your call
James Smith
MCSE
-----Original Message-----
From: Bernhard Petri [mailto:[EMAIL PROTECTED]]
Sent: 02 March 1999 13:15
To: Chris
Cc: [EMAIL PROTECTED]
Subject: Re: Frontend Firewall
Hello Chris,
Thanks for your interesting hints. The Cisco solution could
be the right one,
but what's with the administration interface ? I know
Cisco's classical command
line interface and I don't like it at all. I know there is a
GUI called
ConfigMaker, that includes a Security Wizard to set up the
IOS Firewall.
Has anyone experience with this GUI ? Does it mean fun or
punishment to use it
? Is it sufficient to set up the IOS firewall or have I to
use the command line
interface also ? The Cisco online documentation says they
use syslog to track
all transactions. So have I to read syslog files to know
what's going on ?! Are
there any flaws or bugs one should know about ?
Kind regards
Bernd
Chris wrote:
> At 4:52 PM +0100 2/25/99, Bernhard Petri wrote:
> >We use Checkpoint FireWall-1 as our "general purpose"
firewall. I want
> >additional protection against external attacks, as for
example
> >denial-of-service. So I need to install an "frontend
firewall" before
> >FireWall-1. I think that a dynamic filter ist the right
solution, but I
> >don't know which product to use. This product shall be
safe, stable and
> >relatively cheap compared to FireWall-1. It shall support
two Ethernet
> >interfaces and one WAN interface.
>
> Bernd
>
> You might want to look at a Cisco 2611, which possess, in
addition to
> traditional packet filtering capacity, an enhanced IOS
Firewall software
> feature set (available only recently and only in the lower
end Cisco
> routers) which adds statefull packet filtering
capabilities.
>
> To give you an idea of cost and part, I recently got a
quote from the lady
> below, which is about 25% off list. Since I was going to
use both the WAN
> ports, 3 CSU/DSU were being considered, one for backup.
This particular
> unit has a 10baseT interface, which supports both SNMP and
you can telnet
> to it a monitor status and reconfigure over the net
(password protected).
>
> Cisco 2611 WAN Router
> CISCO2611 1 Cisco 2611 Dual Ethernet Router, IP
Only IOS $ 2,495.00
> $ 1,871.25
> S26CHL-12.0.2T 1 2600 IOS IP Firewall Plus IPSEC56
$ 2,400.00
> $ 1,800.00
> WIC-2T 1 2-Port WAN Interface Card
$ 700.00
> $ 525.00
> CAB-SS-V35MT 1 V35 Cable, DTE Male to Smart Serial, 10
ft $ 100.00
> $ 75.00
> TY3250-01-35 3 Sync Research/Tylink 3250 T1 CSU/DSU
V35 $ 1,375.00
> $ 2,681.25
> CON-SNT-2611 1 SmartNet 8x5xNBD, 1 year
$ 392.00
> $ 352.80
>
> TOTAL$ 7,305.30
>
> Katie Ives, Sr. Account Manager
> NetLink Technologies, Inc.
> 3333 S. Wadsworth Blvd, Ste. 228-D
> Lakewood, CO 80227
> (800) 646-6415
>
> Hope this helps ... chris
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED]
with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
