OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re: Comparisons of Firewall-1 vs. PIX

Re: Comparisons of Firewall-1 vs. PIX

Mark Horn [ Net Ops ] (mhornNOSPAMNOSPAMfunb.com)
Tue, 29 Sep 1998 15:14:28 -0400

Chris Hughes says:
>I have been tasked (on short notice) to evaluate Checkpoint Firewall-1 vs
>the Cisco PIX firewall. I am new to firewalling and would appreciate
>commentary on the strenghths and weaknesses of these two solutions.

About the only commentary that I have about Cisco PIX is that there seems
to be no way to specify source ports in the filter rules.

Please understand, that I don't have any Cisco PIX boxes here in which to
verify this. The Cisco SE's that tried to pitch them to us couldn't
explain to me how to do source port filtering, so we would not consider
their solution. They escalated the call to 3rd level support and it was
determined that it couldn't be done.

I don't actually know if you can or can't do source port filtering. But
what we went through suggested strongly that if it is possible, it
requires very complicated configuration. Which didn't sit too well with
me for something that calls itself a firewall. 

-- 
Mark Horn <mhornNOSPAMNOSPAMfunb.com>

PGP Public Key available at: http://www.es.net/hypertext/pgp.html
PGP KeyID/fingerprt: 00CBA571/32 4E 4E 48 EA C6 74 2E 25 8A 76 E6 04 A1 7F C1

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:48 CDT