Linux Netfilter discussions
From: Ryan Hoegg <rhoegg@isisnetworks.net>
To: netfilter@lists.netfilter.org
Subject: Re: iptables vs cisco pix
Date: Mon, 07 Oct 2002 16:41:28 -0400
Message-ID: <3DA1F178.6060901@isisnetworks.net>
In-Reply-To: 40410.67.118.146.230.1033576589.squirrel@highwayshouse.net

This topic has come up before.  You need to specify your security 
requirements by building an enterprise security policy before you can 
choose your tools to implement that policy.  PIX and other commercial 
firewalls give you a lot more than packet filtering and NAT.  VPNs, log 
analyzers, clustering, and intrusion detection are some of the features 
you will not see in vanilla linux + iptables.  If your policy needs 
these features, you can give your clients a proposal for your time to 
install, configure, and document a custom linux-based solution and 
compare that with the purchase, installation, and configuration of a PIX.

You may find that a Watchguard Firebox is your best bet, especially 
since it runs linux and iptables under the hood.

--
Ryan Hoegg
ISIS Networks

Mike Hull wrote:

>Does anyone know where I could find a comparison of linux+iptables vs
>cisco pix?  I'm trying to convince a couple health care organizations to
>get linux boxes rather than cisco pix solutions.  These people are stuck
>on cisco.  Everything they have is overpriced cisco garbage.  Personally,
>I have compared them, and I have had to replace cisco equipment with an
>iptables firewall.  I don't think they're just going to take my word for
>it though.
>
>Thanks,
>Mike
>


