I work with Cisco security products every day, so take this with a pinch of
salt :-)
Actually, Cisco are right up there with the rest of them, especially with
the 7.x software for ASA and PIX platforms, actually even Cisco routers now
have layer 5-7 abilities in their firewall feature set. So not submitting
for a bakeoff or any kind of "test" does not mean that their products can't
go head to head with Juniper/Checkpoint and so on, it just means that Cisco
didn't feel like this was the place for their product to be tested, also the
term "Deep Inspection" seems a bit vague to me, almost every firewall device
today has abilities reaching into layer 5-7.
Jan
Fra: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] På
vegne af Ivan .
Sendt: 27. oktober 2006 04:59
Til: Joe Kim
Cc: Mario A. Spinthiras; firewalls@securityfocus.com
Emne: Re: Application Layer Firewal? There is such a thing?
top 3 includes Cisco? Cisco didn't even submit the Pix for this bakeoff???
They may be in the top 3 for market share, but I doubt they are even close
when it comes to technology
Deep Inspection Firewalls
http://www.networkcomputing.com/showArticle.jhtml?articleID=160910889&pgno=1
cheers
Ivan
On 10/27/06, Joe Kim <joekim13@gmail.com> wrote:
actually genous, a layer 3 firewall is simply a packet filter such as
a router that is not state aware. Most firewalls these days will do
some level layer 3~7 inspection. Such as keeping state and performing
RFC, application specfic inspection.
The top 3 firewalls in the market Juniper Netscreen, Checkpoints,
Cisco all do more than layer 3 inspection.
Joe
On 10/24/06, Mario A. Spinthiras <mario@netway.com.cy> wrote:
Ivan . wrote:
There are more App based firewalls around, like
http://www.netcontinuum.com/
cheers
Ivan
On 19 Oct 2006 21:21:59 -0000, joekim13@gmail.com
<joekim13@gmail.com>
wrote:
do you need layer 7 inspection or layer 7 proxy?
For proxy fw's sidewinder ( dont' really prefer to use them) or
Symantec Gateway Security applicances ( symantec announced they
are discontinuing).
As for fw's i'd recommend a Netscreen fw as they can have IPS/IDP
blades in combination with a stateful inspection firewall. Check
out the ISG line.
Another decent layer 7 inspection fw is checkpoint. but costly
and limited # of layer 7 inspection.
Joe
Layer 7 proxy ? What does that do deny you from entering input in a
CLI or clicking on a "cancel/apply/ok" button in a GUI ? A firewall
is based on performing filtering tasks on a layer 3 protocol!
I haven't really heard of such a firewall but heck ive seen stuff in
our line of business that you dont see on any city's Saturday night.
Firewall = application
Its filtering process = Layer 3 (IP)
EOF
Have a nice day,
Mario A. Spinthiras
P.S id enjoy more challenging topics with regards to firewalls. Thank
you.
