comp.security.firewalls archive
Re: best firewall
Date: Tue Feb 07 2006 - 20:24:32 CET
In article <Xns9763665902047juergennieveler@nieveler.org>,
Juergen Nieveler <juergen.nieveler.nospam@arcor.de> wrote:
>gigabyte <gigabyte@rrrrrrrrr.invalid> wrote:
>> not familiar with IOS
>That in itself would be a reason to rethink wether you really want a
>PIX.
>The PIX is very powerfull (depending on the version, of course), but
>like all Cisco devices you can only really configure it if you learn
>IOS, which will take some time.
PIX's operating system is "Finesse", not IOS, and the command set
through 6.3 is not close enough to IOS to make learning IOS a particular
benefit. Sure the ACLs are pretty similar, but with object-groups they
are also noticably different... and the mechanisms for editting
ACLs in PIX 6 differ noticably from IOS's mechanims.
PIX 7.0 has a noticably different syntax that is much closer to IOS.
The problem with PIX is not the mechanics of learning CLI entry
or what an ACL entry should look like: the problem is that there are
so -many- features and a lack of a good roadmap as to how the features
interact.
Received on Tue Feb 7 20:59:33 2006