And IOS firewall is also much more strict on the TCP finite state
machine: checking all states and checking whether the sequence
number fits in expected sequence.
More logging and auditing are also provided
Regards
-eric
At 13:54 8/12/00 +1300, Robert Purdy (DSL AK) wrote:
>Can anyone tell me what added features I get out of putting the Firewall IOS
>on a 1600 over what I can do in ACLs?
>
>For a B2B connection that does not have a requirement to be 100%
>bullet-proof all the time, is a Firewall IOS really required?
>
>Are there any holes in a ACL apart from the fact that there is an implicit
>allow rather than deny if the ACL is not no the interface?
>
>Thanks
>Rob Purdy
>
>_______________________________________________
>firewall-wizards mailing list
>firewall-wizards_at_nfr.com
>http://www.nfr.com/mailman/listinfo/firewall-wizards
Eric Vyncke
Distinguished Engineer Cisco Systems EMEA
Phone: +32-2-778.4677 Fax: +32-2-778.4300
E-mail: evyncke_at_cisco.com Mobile: +32-475-312.458
PGP Key available on request MOBILE HAS CHANGED ON 11th November 2000
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Received on Dec 14 2000
Intro
