we'be Checkpoint VPN-1/FW-1 in perimeter & Cisco PIX 525 in Internal (Dual FW design).
We've also put ACLs on Perimeter Router.
My question is:-
1. Do I still need to configure CBAC on Perimeter Router even though Checkpoint is there. If yes why? as it will unnecessarily put more processing load on router and why to do Stateful inspeciton again when Checkpoint is there
Internet > Internet_Router>Checkpoint>DMZ>PIX>Internal N/W
2. Do I need to configure IPS on Perimeter Router even we are using SNORT ?
3. How good is Cisco IPS to SNORT
4. How to allow NAV updates to DMZ Server through any Firewall as SAV liveupdate as 100's of Servers & i want to restric it using URL and not through IP
5. How to block inbound Spoofed emails, can any Firewall so that?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...