I am looking at
complimenting our FW-1's with switches installed with the Cisco
IOS firewall feature set.
I would like to
implement this on 6500 switches also using layer 3 switching so inspection
can be done on switches and not on fw nic.
We primarily would
like to reduce unessesary internal to internal traffic.
We will use the
Cisco Policy Manager version 3 which appears to be similar to the FW-1 GUI and
not commandline.
There doesn't appear
to be many people using the IOS firewall feature set and it appears quite apt
and manageable.
I am aware of the
TCP\UDP only inspection limitation of CBAC.
Does anyone used the IOS firewall in production and can
give advice?
Are there any peformance
comparisons?
Regards
Eric
*** Disclaimer: The information in this
email is confidential and is intended solely for the addressee(s). Access to
this email by anyone else is unauthorised. If you are not an intended recipient,
you must not read, forward, print, use or disseminate the information contained
in the email. Any representations (contractual or otherwise), views or opinions
presented are solely those of the author and do not necessarily represent those
of the employer or any of its affiliates.
