-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Mitch,
I manage many PIX, and yesterday i've tested a 3600 with IOS 12.1.4
IP/FW/IDS with CBAC.
I think that cisco "fixup" was derived from IOS "ip inspect" .
About performance, PIX it's better, because cisco doesn't have dedicaded
card to do statefull inspection, instead core cpu it's used.
But PIX doesn't like multicast, doesn't have some inspection rule like
TFTP.
fixup of PIX it's more secure than CBAC, because the first was well
hardened .
We tested succesfully 4Mbit of traffic with a 3600 with 16Mb Flash, and
40Mb Ram using CBAC with all inspection rules activated.
bye :)
Pietrosanti Fabio I.NET SpA, High Quality Access to the Internet
e-mail: [EMAIL PROTECTED] ( Direzione Tecnica, Gruppo Firewall )
[EMAIL PROTECTED]
PGP Key (DSS) http://naif.itapac.net/naif.asc
ICQ ( under testing) : 93258985
Home Page URL: http://www.inet.it
Sede: Via Caldera, 21 20153 Milano
Tel: 02-409061 Fax: 02-40906303
- --
Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS
On Thu, 12 Oct 2000, Bell, Mitch wrote:
> Can anyone tell me what is the main difference between a Cisco high end
> router (7140) running CBAC and a dedicated PIX firewall.
> Aside from the increased performance with the PIX is it more secure than
> CBAC???
>
> Thanks,
>
> > T. Mitchell Bell
> System/Security Admin
> > { =o=}====>
> >
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
Filter: gpg4pine 4.1 (http://azzie.robotics.net)
iD8DBQE55sMVdK5I1NnlcMYRAnC9AKCpuNwSF7drFzfHeK6j+pp1EsbyWwCgtdQe
6wlfkH1gwEYjdcZXCtiA1l8=
=GKNT
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
