Network Security: Detailed info on Re: [Full-Disclosure] PIX vs CheckPoint

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-Disclosure] PIX vs CheckPoint

from [Matt Ostiguy] Network Security

[Permanent Link]

Subject:	Re: [Full-Disclosure] PIX vs CheckPoint
Date:	Tue, 29 Jun 2004 22:12:40 -0400

On Tue, 29 Jun 2004 16:57:42 -0700 (PDT), Gary E. Miller <gem@rellim.com> wrote:

I agree, except for one small problem.  Don't you still have to delete
ALL the filter rules, and reenter them ALL to change the order of the
rules? last I checked there was no "insert before", "insert at top" sort
of options.  Just "insert at end".  This and other features can really
slow down the otherwise decent CLI.


PIX OS 6.2 (IIRC) introduced a feature for line editing: 

access list ostiguy line 15... should enter this line as line 15 in the acl.
no access list ostiguy line 12 should delete line 12 of the acl.

Another bad thing about the PIX CLI is that is looks a lot like the IOS CLI,
but has lots of subtle differences that will byte you when you least expect
it.

RGDS
GARY


I can't think of an instance where this is a bad thing, as generally,
the pix is more forgiving than IOS, as all the show commands work in a
PIXen's configuration mode.

ostiguy

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: [Full-Disclosure] PIX vs CheckPoint; IMHO Netscreen is far superior, (continued) RE: [Full-Disclosure] PIX vs CheckPoint; IMHO Netscreen is far superior, Gary E. Miller Re: [Full-Disclosure] PIX vs CheckPoint; IMHO Netscreen is farsuperior, Aditya, ALD [ Aditya Lalit Deshmukh ] RE: [Full-Disclosure] PIX vs CheckPoint, Gary E. Miller Re: [Full-Disclosure] PIX vs CheckPoint, John Kinsella Re: [Full-Disclosure] PIX vs CheckPoint, Eric Paynter RE: [Full-Disclosure] PIX vs CheckPoint, Tom Curry Re: [Full-Disclosure] PIX vs CheckPoint, Gary E. Miller Re: [Full-Disclosure] PIX vs CheckPoint, Eric Paynter Re: [Full-Disclosure] PIX vs CheckPoint, Jeff Kell Re: [Full-Disclosure] PIX vs CheckPoint, Simon Burr Re: [Full-Disclosure] PIX vs CheckPoint, Matt Ostiguy <= RE: [Full-Disclosure] PIX vs CheckPoint, Perrymon, Josh L. RE: [Full-Disclosure] PIX vs CheckPoint, Otero, Hernan (EDS) Re: [Full-Disclosure] PIX vs CheckPoint, B3r3n RE: [Full-Disclosure] PIX vs CheckPoint, Ray P Re: [Full-Disclosure] PIX vs CheckPoint, Jim Burwell RE: [Full-Disclosure] PIX vs CheckPoint, Otero, Hernan (EDS) Re: [Full-Disclosure] PIX vs CheckPoint, Cyril Guibourg Re: [Full-Disclosure] PIX vs CheckPoint, Ben Nelson Re: [Full-Disclosure] PIX vs CheckPoint, Cyril Guibourg Re: [Full-Disclosure] PIX vs CheckPoint, Jim Burwell

Previous by Date:	RE: [Full-Disclosure] PIX vs CheckPoint, Ray P
Next by Date:	RE: [Full-Disclosure] Tools for checking for presence of adware remotely, Jeff Schreiner
Previous by Thread:	Re: [Full-Disclosure] PIX vs CheckPoint, Simon Burr
Next by Thread:	RE: [Full-Disclosure] PIX vs CheckPoint, Perrymon, Josh L.
Indexes:	[Date] [Thread] [Top] [All Lists]