CBAC , IPS requirement

yogendra.trivedi · ‎01-01-2007

Hi Guys/Gals,

we'be Checkpoint VPN-1/FW-1 in perimeter & Cisco PIX 525 in Internal (Dual FW design).

We've also put ACLs on Perimeter Router.

My question is:-

1. Do I still need to configure CBAC on Perimeter Router even though Checkpoint is there. If yes why? as it will unnecessarily put more processing load on router and why to do Stateful inspeciton again when Checkpoint is there

Internet > Internet_Router>Checkpoint>DMZ>PIX>Internal N/W

2. Do I need to configure IPS on Perimeter Router even we are using SNORT ?

3. How good is Cisco IPS to SNORT

4. How to allow NAV updates to DMZ Server through any Firewall as SAV liveupdate as 100's of Servers & i want to restric it using URL and not through IP

5. How to block inbound Spoofed emails, can any Firewall so that?

Thanks in advance.

Yogi

Collin Clark · ‎01-02-2007

1. You don't have to and I probably would'nt.

2. Not unless you want/need both

3. I think SNORT is better than IOS based IDS. SNORT does not provide IPS as far as I'm aware so Cisco wins in IPS.

4. I'm not familiar with FW-1 so I don't know how to do it. I know PIX and Juniper can do it (redirect http requests to proxy).

5. FW, not that I know of. There are a lot of SPAM killers out there that can help. SPAM assassin is a pretty good one.

HTH and please rate if it does.