RE: Cisco and FW -1

[Jason Lewis]

Title: Cisco and FW -1

Lance Spitzner is part of the HoneyNet project.  I think he favors FW-1.  Not a good or bad thing, I just thought I would point it out.  Not that I am biased towards Cisco. ;P

 

I think you need to figure out what you need from a firewall and use that to see which one better suits you.  I prefer the PIX.  Mainly because of the CLI, license cost, and device cost in failover config.  I like FW-1 when you are combining it with VPN features, but my Cisco rep says the Cisco next release of VPN will be better.

 

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Johnston Mark
Sent: Tuesday, May 29, 2001 4:41 AM
To: [EMAIL PROTECTED]
Subject: Cisco and FW -1

Hi all,

Need some help from persons who have knowledge about FW-1 and Cisco Pix.

We are looking to replace our FW as its currently limited to 3 interfaces and we now have a requirement for 4. But before purchasing the unit there is just a little bit of information that I need to know, more on the alerting and logging capabilities of the 2 suggested firewalls.

From most of the whitepapers I have read (the honeypot project etc) I noticed that most use FW-1. I know that it can handle logging and custom alerts quite well, but can Cisco. I have had mixed vendor reports and sometimes I think that those guys will say anything to get a sale .... so let me rather ask persons who have 1st hand experience.

Thanks
Mark