Now If i may add some more 'fun' to this thread. One reason why cisco didn't
compete in this bake off 'could' of been because their firewall performance
decreases significantly when major FW functionalities are turned on for
example NAT or even passing small packets. Or they are big enough that
they really could careless about small bake offs such as these. They'd much
rather play the corporate political card and strong arm than winning
technicaly in my experience...
Anyone wonder why cisco never publishs #'s for their fw / asa/isr w/ small
packets or mixed packet size?
Also most 'independent' testers such as tolly or other groups are paid/for
hire.
And yes i also used to work w/ multi vendor fw's everyday
On 10/27/06, Joe Kim <joekim13@gmail.com> wrote:
This is more fun than i thought. This FW bake off is from 2005!!! and yes
i know the PIX is replaced by the ASA and yes i was talking about market
share or according to Gartners magic quadrant for fw's.
Joe
On 10/26/06, Ivan . <ivanhec@gmail.com> wrote:
>
> top 3 includes Cisco? Cisco didn't even submit the Pix for this
> bakeoff??? They may be in the top 3 for market share, but I doubt they
> are even close when it comes to technology
>
> Deep Inspection Firewalls
> http://www.networkcomputing.com/showArticle.jhtml?articleID=160910889&pgno=1
>
>
> cheers
> Ivan
>
> On 10/27/06, Joe Kim <joekim13@gmail.com> wrote:
> > actually genous, a layer 3 firewall is simply a packet filter such as
> a
> > router that is not state aware. Most firewalls these days will do some
> level
> > layer 3~7 inspection. Such as keeping state and performing RFC,
> application
> > specfic inspection.
> >
> > The top 3 firewalls in the market Juniper Netscreen, Checkpoints,
> Cisco all
> > do more than layer 3 inspection.
> >
> > Joe
> >
> > On 10/24/06, Mario A. Spinthiras <mario@netway.com.cy> wrote:
> > > Ivan . wrote:
> > > > There are more App based firewalls around, like
> > > >
> > > > http://www.netcontinuum.com/
> > > >
> > > > cheers
> > > > Ivan
> > > >
> > > > On 19 Oct 2006 21:21:59 -0000, joekim13@gmail.com <
> joekim13@gmail.com>
> > > > wrote:
> > > >> do you need layer 7 inspection or layer 7 proxy?
> > > >>
> > > >> For proxy fw's sidewinder ( dont' really prefer to use them) or
> > > >> Symantec Gateway Security applicances ( symantec announced they
> are
> > > >> discontinuing).
> > > >>
> > > >> As for fw's i'd recommend a Netscreen fw as they can have IPS/IDP
> > > >> blades in combination with a stateful inspection firewall. Check
> out
> > > >> the ISG line.
> > > >>
> > > >> Another decent layer 7 inspection fw is checkpoint. but costly
> and
> > > >> limited # of layer 7 inspection.
> > > >>
> > > >> Joe
> > > >>
> > > >
> > > >
> > > Layer 7 proxy ? What does that do deny you from entering input in a
> CLI
> > > or clicking on a "cancel/apply/ok" button in a GUI ? A firewall is
> based
> > > on performing filtering tasks on a layer 3 protocol!
> > >
> > > I haven't really heard of such a firewall but heck ive seen stuff in
> our
> > > line of business that you dont see on any city's Saturday night.
> > >
> > > Firewall = application
> > >
> > > Its filtering process = Layer 3 (IP)
> > >
> > >
> > > EOF
> > >
> > >
> > > Have a nice day,
> > > Mario A. Spinthiras
> > >
> > >
> > > P.S id enjoy more challenging topics with regards to firewalls.
> Thank you.
> > >
> >
> >
>
