[TriLUG] [OT] Firewall recomendations

jason jason at monsterjam.org
Tue Apr 24 17:26:24 EDT 2007


I believe what they mean is the "fixups" that the pix does to mangle 
certain packet types that other firewalls like straight-up ipfw or 
iptables cannot do. i.e. H323, smtp, ftp, and a few others.. its been a 
while since ive been in the tac and supported it. but they're probably 
things you can live without anyway.

that said, the one thing that the openbsd does do out of the box that 
you will pay even more big $$$ for in cisco is the ability to do 
firewall failover. I *think* the openbsd implementation is called CARP?

Jason


Chris Bullock wrote:
> Cisco ASA vs OpenBSD?
> 
> Had an interesting trip to Cisco briefing center a few weeks back and they
> we telling me that the difference between Cisco and OpenBSD was that
> OpenBSD only did port level packet inspection, where Cisco ASA devices do
> *deep* packet inspection.  Is Cisco feeding me bs or is this true, that
> being said, is OpenBSD as "secure" as it says it is?
> Regards,
> Chris
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 



More information about the TriLUG mailing list