| | #1 (permalink) |
| FoH Member with a rod in his pants Join Date: Jan 2002 Location: Forest, MS
Posts: 243
| Anyone worked with Cisco PIX's before? I got one and I'm wanting to use it to replace my Cyberguard firewall. I was wondering if anyone here had any experience with them that I could ask a couple of questions of via PM.
__________________ |
| | |
| | #2 (permalink) |
| Jesus with laser Join Date: Apr 2003
Posts: 533
+8 Internets | Honestly, PIX is shit. If you want to replace your firewalls, look for the Juniper Netscreen products. I have been working with them for about 5 years now, and I am very happy about it. They are reliable, and quite easy to configure and maintain. There is a lot of documentation, lots of examples, and their customer support is good. Their products range from quite small firewalls (NS5GT) to the large company/provider equipment (NS5200/5400). Here is a brief listing of their firewalls with some basic info: https://www.juniper.net/products/integrated/ ***edit: When I say PIX is shit, I do not just say it out of the blue, but as a comparison to the Netscreen products. I have worked with PIX firewalls quite a few times, and thought it was terrible.
__________________ Praise Xenu Last edited by woot! : 10-13-2006 at 03:05 AM. |
| | |
| | #3 (permalink) |
| Banned Join Date: Jul 2002
Posts: 518
| Whatever you do, stay away from Sonicwall's TZ170. Good concept, terrible implementation, and the support is horrid. BTW, do the Netscreens do Inbound/Outbound bandwidth management? That was one of the features that the TZ170 had going for it; bandwidth management has its uses, especially today when you're a small business using 1 connection to run everything, including hosting for multiple clients of several services. |
| | |
| | #6 (permalink) |
| FoH Member with a rod in his pants Join Date: Jan 2002 Location: Forest, MS
Posts: 243
| Well, I own the PIX and I got it in trade for some service work, so I probably am going to stick with it for now. Port forwarding is a bitch on it though...the Cyberguard was real easy...pick the port, incoming interface, then pick the destination port/interface and done. Access lists and more for the PIX. So any of ya mind if I ask about them in PMs?
__________________ |
| | |
| | #8 (permalink) | |
| Jesus with laser Join Date: Apr 2003
Posts: 533
+8 Internets | Quote:
For example, you can define that your ssh connection going through the VPN tunnel set up with office #2 has highest priority, and that 128k of your bandwidth will be reserved for it no matter what. Then that all the outgoing http traffic towards the internet has lowest priority compared to the rest of the traffic, apart from http connections coming from your sales dept's subnet going to your company's website, which would have a bit higher priority.
__________________ Praise Xenu | |
| | |
| | #9 (permalink) |
| FoH Member with a rod in his pants Join Date: Jan 2002 Location: Forest, MS
Posts: 243
| About the PIX...I am thinking I need an access-list like this:
ip access-list 100 permit tcp any 192.168.1.100 eq 3389
apply it to the outside interface like this:
config-if# ip access-group 100 in
now for the reverse so traffic flows back out:
ip access-list 101 permit tcp 192.168.1.100 any eq 3389
apply to the internal interface:
config-if# ip access-group 101 out
Any ideas if that's the way to do it?
__________________ |
| | |
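The port forward asked about in post #9, written in PIX-style syntax as an added example (not part of the thread and not any poster's configuration). It assumes PIX OS 6.3-style commands, interfaces named `outside` and `inside`, and forwarding on the outside interface's own address; the PIX command set differs from the router-style `ip access-list` / `ip access-group` form. The admin network in step 2b is a constructed documentation range.

```cisco
! Added example. Assumptions: PIX OS 6.3-style syntax, interface names
! "outside" and "inside". Lines starting with "!" are annotations for the
! reader, not commands.

! 1. Translation: TCP 3389 arriving on the outside interface address is
!    forwarded to 192.168.1.100:3389 on the inside network.
static (inside,outside) tcp interface 3389 192.168.1.100 3389 netmask 255.255.255.255

! 2. Permit rule. The destination is the translated (outside) address,
!    not 192.168.1.100. Use ONE of 2a or 2b.

! 2a. Source "any", as in the post: RDP is reachable from the whole Internet.
access-list 100 permit tcp any interface outside eq 3389

! 2b. Narrower: only a known admin network may connect.
!     203.0.113.0/24 is a constructed placeholder. PIX ACLs take a
!     subnet mask here, not a wildcard mask.
access-list 100 permit tcp 203.0.113.0 255.255.255.0 interface outside eq 3389

! 3. Bind the ACL to inbound traffic on the outside interface. This is a
!    global command, not entered under an interface prompt.
access-group 100 in interface outside

! 4. No access-list 101 is needed for the replies: the PIX tracks the
!    connection state and lets return traffic for a permitted inbound
!    session back out on its own.

! 5. Checks after applying:
!    show static            (confirms the translation is configured)
!    show access-list 100   (hit counters rise when the rule matches)
!    show xlate             (shows the active translation)
```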