
CBAC, IPS requirement

Unanswered Question
Jan 1st, 2007
Hi Guys/Gals,

We have Checkpoint VPN-1/FW-1 at the perimeter & Cisco PIX 525 internally (dual FW design).

We've also put ACLs on the perimeter router.

My questions are:

1. Do I still need to configure CBAC on the perimeter router even though Checkpoint is there? If yes, why? It will unnecessarily put more processing load on the router, and why do stateful inspection again when Checkpoint is there?

Internet > Internet_Router > Checkpoint > DMZ > PIX > Internal N/W

2. Do I need to configure IPS on the perimeter router even though we are using SNORT?

3. How good is Cisco IPS compared to SNORT?

4. How do I allow NAV updates to a DMZ server through any firewall, as SAV LiveUpdate has 100's of servers & I want to restrict it using URL and not through IP?

5. How do I block inbound spoofed emails? Can any firewall do that?

Thanks in advance.


Overall Rating: 4 (1 ratings)
Collin Clark Tue, 01/02/2007 - 10:47

1. You don't have to and I probably wouldn't.

2. Not unless you want/need both.

3. I think SNORT is better than IOS based IDS. SNORT does not provide IPS as far as I'm aware so Cisco wins in IPS.

4. I'm not familiar with FW-1 so I don't know how to do it. I know PIX and Juniper can do it (redirect http requests to proxy).

5. FW, not that I know of. There are a lot of spam killers out there that can help. SpamAssassin is a pretty good one.

HTH and please rate if it does.

