[7975] in North American Network Operators' Group
Re: Firewall in Routers??
daemon@ATHENA.MIT.EDU (Glynn Stanton)
Mon Mar 3 21:14:22 1997
Date: Tue, 4 Mar 1997 02:12:24 +0000 (GMT)
From: Glynn Stanton <glynn@nol.co.uk>
To: nanog@merit.edu
In-Reply-To: <199703032243.QAA11049@rip.ops.neosoft.com>
> I know that Bay is doing this with Checkpoint when (or soon after)
> FW-1 3.0 is released. I assume this would make a deal with cisco
> rather difficult, especially considering the way cisco has been
> pushing the PIX box against FW-1.
Just to throw in a little bit more info..
Theres little comparrison between the two.
PIX is more of an address translation unit with firewalling
capabilities.
Firewall-1 is a fully functional Firewall with limited address
translation.
i.e. PIX has a pool of IP addresses.. true address translation.
Firewall-1 does address 'hiding' making it look to the external world
like all connects come from a single IP.
I tend to prefer to keep routers as routers and firewalls as firewalls,
it reduces the CPU overhead, Problem Determination is easier, and
configurations are kept in a distinct logical box.
Of course this is at the expense of cost, and space.
Glynn Stanton.
