The 65xx series Cat is well capable of handling IOS Firewall, even on a single Sup configuration, which, obviously, is your config, as you are using MLS which requires the MSFC in the slot where a second Sup could otherwise go.
CBAC will cut down on performance, not significantly at CPU levels below 60%, but can cause sluggishness above that. One thing more: keep the management functions of your network out of band, both for security and accessibility reasons.

Glenn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Appelboom
Sent: Wednesday, January 16, 2002 2:15 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Using Cisco IOS firewall feature set

I am looking at complementing our FW-1's with switches installed with the Cisco IOS firewall feature set.

I would like to implement this on 6500 switches also using layer 3 switching so inspection can be done on switches and not on fw nic. We primarily would like to reduce unnecessary internal to internal traffic.

We will use the Cisco Policy Manager version 3 which appears to be similar to the FW-1 GUI and not commandline.

There doesn't appear to be many people using the IOS firewall feature set and it appears quite apt and manageable. I am aware of the TCP\UDP only inspection limitation of CBAC.

Has anyone used the IOS firewall in production and can give advice? Are there any performance comparisons?

Regards
Eric

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
