[Dshield] Re: Cisco Router/Firewall - which is the best for me?

Lord Raiden lordraiden at uni.de
Sun Oct 3 20:34:55 GMT 2004


Hey Benjamin,

I'm quite familiar with the 836 routers from Cisco. They are generally very 
good, but don't give you any IDS features or real FW abilities, as those 
routers just go up to layer 4 (TCP & UDP), which won't really help ya. For me 
the access lists are just one point before the real application firewall. 

They cost about 800 euro. 

The Cisco PIX is one hardware firewall which is really great, but from what 
I know it is hard to maintain and configure (never had one under my hands yet). So 
this is just what I got told. Many ppl love it, many ppl hate it :) 

On the 17xx routers, I can just say they might be a bit big for your 
purpose/wishes. 

Those things are, with a good configuration, very expensive and normally have 
good routing abilities with the correct IOS (which you still have to buy 
with the router). 

I myself would just upgrade the Linux distro with the iptables if you just 
need a bit of FW and routing. Linux is very good, or rather iptables, to do 
routing :) 

Hope this helps ya a bit. 


Benjamin Koch wrote:

> Hello list 
> 
> I have some general questions about some Cisco products.
> First of all, I'm a Cisco newbie :) 
> 
> I have a Linux iptables router/gateway for my home/SOHO network (5 hosts)
> but the wattage of this box is a bit high...
> I thought it would be better using a HW router/firewall. 
> 
> The standard customer HW routers are not as configurable as I want.
> I like the total control like iptables does. Packets must match some
> criteria like:
> -Input Interface
> -Protocol
> -Source IP
> -Source Port
> -Output Interface
> -Destination IP
> -Destination Port
> and some other stuff to get accepted - or denied. 
> 
> Then I remembered Cisco Systems - one of the top network companies.
> I found some products like
> Cisco 1712/1710 Security Router
> Cisco 831 4xRJ45 10MBit
> and the Cisco PIX 501 
> 
> All three have a firewall but I don't know which one matches
> my needs. 
> 
> Here are my wishes:
> connect a DSL modem (RJ45)
> connect a LAN (RJ45 - 1Port is enough -> Switch)
> Routing ability (Internet Connection Sharing and FTP/Remote Admin. NAT)
> Firewall (Features shown above)
> Traffic Shaping (Bandwidth limiting for some explicitly given hosts)
> IDS (I must configure and maintain it by myself?)
> URL/IP blacklist ability 
> 
> CSA - maybe - I should first know what this Cisco Security Agent is
> doing ;)
> Easy configuration would be nice at the beginning... *Cisco newbie* 
> 
> It should be as cheap as possible. Max 600EUR - ok 800EUR will be ok
> too but it must have most of the requested features. 
> 
> I don't know which is the right product for me and I don't know who to
> ask...
> Not everybody has a Cisco router/firewall at home :)
> So I ask you and all the versed admins in this list. 
> 
> I hope you can help me 
> 
> -- 
> Best regards,
>  Benjamin                          mailto:BK-D at gmx.de 