Hi,
Cisco has software which runs on its routers which they call the Firewalling
Feature Set. Has anyone on this list had any experience using it, or
evaluated it?
Regards
Prabhakar D. Mallya
> -----Original Message-----
> From: Ben Nagy [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, April 22, 1999 5:54 AM
> To: Jim Fletcher
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: Cisco IOS
>
> Hmm.
>
> Can I expand on that? I agree with the sentiment but I think it's a touch
> broad.
>
> You can get pretty good basic packet filtering with IOS. If you start with
> "permit tcp any any established" (allow only packets with the Ack bit set,
> which will usually only be the case if someone on the inside has requested
> the connection) and then throw in Network Address Translation (I'm not
> going to start listing commands, try CCO), all you need to do is add a
> static mapping for a mailserver, allow DNS so WWW works and you've got
> yourself a fairly secure small office setup that will withstand casual
> probing.
>
> Yes, there are limitations with the kinds of services you'll get - I know
> I'm offering myself for crucifixion. If you're feeling like "correcting"
> me now do so at a level that will benefit the original poster.
>
> Now, if you're trying to support a hundred or so users that want a full
> gamut of services (NNTP, Gopher, non-passive FTP, WAIS, Real *&(&^%&
> Audio, Lions and Tigers and Bears, or even ICQ (lord help us!)) then
> you'll quickly start hating life and your job. Also remember that unless
> you're planning to use a free firewall you'll get a Cisco box that will do
> the job for about a tenth of the price of a "real" firewall box, and
> you'll probably still need an access router to boot.
>
> (like a shadow, Argument Man slips back into the night!)
>
> --
> Ben Nagy
> Network Consultant, CPM&S Group of Companies
> Direct Dial: (08) 8422 8319 Mobile: (0414) 411 520
>
> -----Original Message-----
> From: Carric Dooley [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, April 22, 1999 3:16 AM
> To: Jim Fletcher
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Cisco IOS
>
> Using a router as your primary means of protection is a bad idea.
> [prune]
> A certain amount of "screening" on your router for additional security is
> a good idea, but buy a firewall.
>
> Carric Dooley
> [truncate]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
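The "established" match quoted above looks only at TCP flags and keeps no record of connections. The following is an added example, not part of the thread: it models that check beside a connection-tracking filter to show where the two differ. The addresses, ports and class names are constructed, and it assumes the IOS behaviour that "established" matches a segment with ACK or RST set.

```python
# Added illustration: a model of a stateless "established" match next to
# a stateful check. All packets below are constructed sample data.
from dataclasses import dataclass

ACK, RST, SYN = 0x10, 0x04, 0x02

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def stateless_established(seg: Segment) -> bool:
    """Model of 'permit tcp any any established': flags only, no memory.
    Assumed IOS behaviour: the keyword matches when ACK or RST is set."""
    return bool(seg.flags & (ACK | RST))

class StatefulFilter:
    """Permits inbound segments only for flows an inside host opened."""
    def __init__(self):
        self.flows = set()

    def outbound(self, seg: Segment) -> None:
        # Record the flow when an inside host sends the opening SYN.
        if seg.flags & SYN and not seg.flags & ACK:
            self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))

    def inbound(self, seg: Segment) -> bool:
        # An inbound segment must be the reverse of a recorded flow.
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.flows

def compare():
    fw = StatefulFilter()
    fw.outbound(Segment("10.0.0.5", 40000, "198.51.100.7", 80, SYN))
    samples = {
        "reply SYN-ACK": Segment("198.51.100.7", 80, "10.0.0.5", 40000, SYN | ACK),
        "inbound SYN": Segment("203.0.113.9", 5555, "10.0.0.5", 23, SYN),
        "unsolicited ACK": Segment("203.0.113.9", 5555, "10.0.0.5", 23, ACK),
    }
    return {name: (stateless_established(s), fw.inbound(s))
            for name, s in samples.items()}

if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:16} stateless={stateless!s:5} stateful={stateful}")
```

The two filters agree on the reply and on the inbound SYN; they differ only on the ACK segment that belongs to no recorded flow, which the flag-only match permits.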