I've played with the IOS FW feature set. It seems to do everything it says it does, and it's amazingly easy to set up and configure. It adds real stateful packet filtering to the IOS access lists - no longer do you need to have gaping holes for UDP so that DNS works. I'll admit that I didn't sit down and abuse it to see how good the state engine is for all the different protocols that it supports, but if you're looking for a low incremental cost for a reasonably good security boost, this may be a good solution.

Note that for a small network that isn't rabid about security you can attain a fairly good level of security with NAT and packet filters on the router (I sound like a broken record, right?). Remember, the router _is_ a firewall - it provides directionally differentiated access to network resources.

(Back to the amazon.com "crypto" challenge...)

--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 20 October 1999 12:51 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: Firewalls-Digest V8 #647
>
> If you are already putting in a Cisco then you could certainly consider
> the 'Firewall Feature Set' on the 1600. This would save you having to buy
> an extra box. I haven't used the FFS, but I'm sure that there are people
> out here who can give advice...
>
> -Steve
>
> >>> Steve Linford <[EMAIL PROTECTED]> 10/18/99 12:21 >>>
> I need some advice on what options there are to provide a small network of
> Macs with a low cost firewall; I have a client with a LAN of 30 Macs who
> wants a leased line and a mail server installed on his LAN, and wants the
> machines on his LAN to be able to reach the net. The general advice I'm
> getting is that Macs are difficult to hack into, so just plug his Cisco
> 1600 straight into his ethernet hub ... but I don't think I'd sleep too
> well without some sort of firewall so I'd be very grateful if someone can
> tell me what my options are (the solution needs to be low cost).
>
> Steve Linford
>
> ________________________________________________________________________
> Ultradesign Xperimental Network http://www.uxn.com
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
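
The point in the reply above about UDP "gaping holes" for DNS, as an added example that is not part of the original thread and not Cisco's implementation: a simplified Python model comparing a static source-port-53 rule with a session-tracking filter. The addresses, ports, packets and the 30-second idle timeout are constructed assumptions.

```python
# Added illustration: static ACL vs. stateful filtering for DNS over UDP.
# All addresses and packets are constructed sample data (RFC 5737 ranges).
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
INSIDE_NET = "192.0.2."              # assumed inside LAN prefix

def stateless_inbound(pkt):
    """Static rule: permit any UDP from source port 53 to an inside high port."""
    return (pkt.dst.startswith(INSIDE_NET)
            and pkt.sport == 53 and pkt.dport > 1023)

class StatefulFilter:
    """Permit inbound UDP only as the reply to a recent outbound datagram."""
    def __init__(self, idle_timeout=30):  # assumed timeout, in seconds
        self.idle_timeout = idle_timeout
        self.sessions = {}           # (inside, iport, outside, oport) -> expiry

    def outbound(self, pkt, now):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        self.sessions[key] = now + self.idle_timeout
        return True

    def inbound(self, pkt, now):
        # A reply must mirror the addresses and ports of a tracked query.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        expiry = self.sessions.get(key)
        if expiry is None or now > expiry:
            self.sessions.pop(key, None)
            return False
        return True

def compare():
    """Return {case: (stateless_verdict, stateful_verdict)} for sample packets."""
    fw = StatefulFilter()
    fw.outbound(Packet("192.0.2.10", 40000, "198.51.100.53", 53), now=0)
    inbound = {
        "reply":       Packet("198.51.100.53", 53, "192.0.2.10", 40000),
        "unsolicited": Packet("203.0.113.7", 53, "192.0.2.20", 5000),
        "wrong_port":  Packet("198.51.100.53", 53, "192.0.2.10", 40001),
    }
    results = {name: (stateless_inbound(p), fw.inbound(p, now=1))
               for name, p in inbound.items()}
    late = inbound["reply"]          # same reply, after the session expired
    results["late_reply"] = (stateless_inbound(late), fw.inbound(late, now=60))
    return results

if __name__ == "__main__":
    for case, verdicts in compare().items():
        print(f"{case:12} stateless={verdicts[0]} stateful={verdicts[1]}")
```

The static rule accepts all four inbound packets, while the session-tracking filter accepts only the reply that mirrors the outstanding query within the timeout.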
