multi-vendor firewalls question..

after1111
Level 1

Hi,

I'm trying to find out whether other firewall products are better than the Cisco firewall. I have experience with Cisco PIX but not with other products such as Nortel, 3Com or Juniper Networks firewalls.

The PIX gives you useful information such as the ARP table, xlate, interface information, static and routing table information, etc.

So if anyone has any experience with other vendors' firewalls (e.g. Check Point, Juniper Networks firewall), please let me know whether they give similar information as Cisco PIX does.

Thank you in advance,

Merry xmas, and all the best for the new year.

Please help me if you know... I need the answer ASAP.

Accepted Solutions

Yes, the NetScreen firewall can give you similar information to the PIX.

See the following sample CLI:

    ns-> get interface ethernet1 protocol ospf
    VR: trust-vr RouterId: 212.1.1.1
    ----------------------------------
    Interface: ethernet2/1
    IpAddr: 20.20.20.20/16, OSPF: enabled, Router: enabled
    Type: Ethernet Area: 0.0.0.10 Priority: 100 Cost: 1
    Transit delay: 60s Retransmit interval: 5s Hello interval: 10s
    Router Dead interval: 40s Authentication-Type: MD-5
    Authentication-Key: ****************
    MD-5 KeyId: 1
    State: Designated Router DR: 20.20.20.20(self) BDR: 0.0.0.0
    Neighbors:
    Valid neighbor access list numbers in Vrouter (trust-vr)
    ----------------------------------------------------------------------

    ns-> set interface ethernet1 protocol ospf authentication password 12345678
    ns-> save

    ns-> set interface ethernet1 zone trust
    ns-> set interface ethernet1 ip 180.10.10.1/24
    ns-> set interface ethernet1 route
    ns-> set interface ethernet3 zone untrust
    ns-> set interface ethernet3 ip 201.10.10.1/24
    ns-> set vrouter trust-vr route 0.0.0.0/0 interface ethernet3 gateway 201.10.10.2
    ns-> set address untrust dhcp_server 194.2.9.10/32
    ns-> set ike gateway "dhcp server" ip 194.2.9.1 main outgoing-interface ethernet3 proposal rsa-g2-3des-sha
    ns-> set vpn to_dhcp gateway "dhcp server" proposal g2-esp-3des-sha
    ns-> set interface ethernet1 dhcp relay server-name 194.2.9.10
    ns-> set interface ethernet1 dhcp relay vpn
    ns-> set policy from trust to untrust any dhcp_server dhcp-relay tunnel vpn to_dhcp
    ns-> set policy from untrust to trust dhcp_server any dhcp-relay tunnel vpn to_dhcp
    ns-> save
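
The output format in this answer can be turned into the kind of vendor-independent record the thread is asking about. The following is an added example, not code from the thread or from Juniper: a Python parser for the `get interface ... protocol ospf` output above, a mapping to a neutral record, and a check on OSPF authentication. The record field names, the function names and the rule in `ospf_auth_findings` are assumptions.

```python
import re

# Sample input: the `get interface ... protocol ospf` output quoted in the answer.
SAMPLE = """\
VR: trust-vr RouterId: 212.1.1.1
Interface: ethernet2/1
IpAddr: 20.20.20.20/16, OSPF: enabled, Router: enabled
Type: Ethernet Area: 0.0.0.10 Priority: 100 Cost: 1
Transit delay: 60s Retransmit interval: 5s Hello interval: 10s
Router Dead interval: 40s Authentication-Type: MD-5
Authentication-Key: ****************
MD-5 KeyId: 1
State: Designated Router DR: 20.20.20.20(self) BDR: 0.0.0.0
"""

# Field labels seen in that output; some contain spaces, so match longest first.
KEYS = ["VR", "RouterId", "Interface", "IpAddr", "OSPF", "Router", "Type", "Area",
        "Priority", "Cost", "Transit delay", "Retransmit interval", "Hello interval",
        "Router Dead interval", "Authentication-Type", "Authentication-Key",
        "MD-5 KeyId", "State", "DR", "BDR"]
KEY_RE = re.compile(r"(?<!\w)(%s):" % "|".join(
    re.escape(k) for k in sorted(KEYS, key=len, reverse=True)))

def parse_screenos_ospf(text):
    """Split each line into label/value pairs; a value ends where the next label starts."""
    fields = {}
    for line in text.splitlines():
        hits = list(KEY_RE.finditer(line))
        for i, m in enumerate(hits):
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            fields[m.group(1)] = line[m.end():end].strip(" ,")
    return fields

def to_neutral(fields, vendor="netscreen"):
    """Map vendor labels onto a vendor-neutral record (schema is hypothetical)."""
    ip, _, prefix = fields["IpAddr"].partition("/")
    secs = lambda key: int(fields[key].rstrip("s"))
    return {"vendor": vendor, "interface": fields["Interface"],
            "ip": ip, "prefix_len": int(prefix),
            "ospf_enabled": fields.get("OSPF") == "enabled", "ospf_area": fields["Area"],
            "hello_s": secs("Hello interval"), "dead_s": secs("Router Dead interval"),
            "ospf_auth": fields.get("Authentication-Type", "none")}

def ospf_auth_findings(rec):
    """Assumption: any auth type other than 'MD-5' means no keyed-digest authentication."""
    if rec["ospf_enabled"] and rec["ospf_auth"] != "MD-5":
        return ["%s: OSPF enabled without MD5 authentication" % rec["interface"]]
    return []
```

A PIX parser that emits the same record keys would let the same check run against both vendors.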

3 Replies

mehrdad
Level 3

Hi,

Before trying to find out about the other vendors, see the Cisco ASA series (http://www.cisco.com/en/US/products/ps6120/index.html).

Anyway, I have experience with the NS-500 Juniper (NetScreen) and I suggest you read its documentation.

Merry xmas.

Mehrdad

Hi Mehrdad,

Thank you for the information. I'm trying to find out whether other firewall vendors give similar information as Cisco PIX.

I'm creating a model based on PIX CLI information (e.g. ARP table, route table, NAT, interface information, etc.) and I'm trying to find out whether my model can adapt to other firewall vendors (vendor independent).

I've been looking for documents on firewalls from different vendors but there is a lack of documentation (e.g. configuration guidelines).

In summary, do other firewall vendors give similar information as PIX does? Yes/No?

Thank you for your input.
