12-15-2005 10:05 PM - edited 03-09-2019 01:22 PM
Hi,
Im trying to find out whether the other firewall products are better than Cisco firewall. I have experienced with Cisco PIX but not other products like Nortel or 3com or Juniper Networks firewall.
On PIX, its give you useful information such as the arp table, xlate, interface information, static and routing table information, etc.
So if any one have any experienced with others vendor firewall ( e.g. checkpoint, juniper networks firewall) please let me know whether it give similar information as Cisco PIX does.
Thank you in advance,
Merry xmas, and all the best for the new year.
Plssss helpme if you know... i need the answer asap
Solved! Go to Solution.
12-16-2005 12:10 AM
yes, Netscreen firewall can give you similar information as PIX.
see following samples CLI:
ns-> get interface ethernet1 protocol ospf
VR: trust-vr RouterId: 212.1.1.1
----------------------------------
Interface: ethernet2/1
IpAddr: 20.20.20.20/16, OSPF: enabled, Router: enabled
Type: Ethernet Area: 0.0.0.10 Priority: 100 Cost: 1
Transit delay: 60s Retransmit interval: 5s Hello interval: 10s
Router Dead interval: 40s Authentication-Type: MD-5
Authentication-Key: ****************
MD-5 KeyId: 1
State: Designated Router DR: 20.20.20.20(self) BDR: 0.0.0.0
Neighbors:
Valid neighbor access list numbers in Vrouter (trust-vr)
----------------------------------------------------------------------
ns-> set interface ethernet1 protocol ospf authentication password 12345678
ns-> save
ns-> set interface ethernet1 zone trust
ns-> set interface ethernet1 ip 180.10.10.1/24
ns-> set interface ethernet1 route
ns-> set interface ethernet3 zone untrust
ns-> set interface ethernet3 ip 201.10.10.1/24
ns-> set vrouter trust-vr route 0.0.0.0/0 interface ethernet3 gateway 201.10.10.2
ns-> set address untrust dhcp_server 194.2.9.10/32
ns-> set ike gateway dhcp server ip 194.2.9.1 main outgoing-interface ethernet3 proposal rsa-g2-3des-sha
ns-> set vpn to_dhcp gateway dhcp server proposal g2-esp-3des-sha
ns-> set interface ethernet1 dhcp relay server-name 194.2.9.10
ns-> set interface ethernet1 dhcp relay vpn
ns-> set policy from trust to untrust any dhcp_server dhcp-relay tunnel vpn to_dhcp
ns-> set policy from untrust to trust dhcp_server any dhcp-relay tunnel vpn to_dhcp
ns-> save
12-15-2005 10:23 PM
Hi,
before to try to find out the other vendors, see the Cisco ASA series (http://www.cisco.com/en/US/products/ps6120/index.html)
anyway, I've experience with NS-500 Juniper (netscreen) and I suggest you to read its documentation.
Merry xmas.
Mehrdad
12-15-2005 11:18 PM
Hi Mehrdad,
thank you for the information. Im trying to find out whether other firewall vendors give similar information as Cisco PIX.
Im creating a model based on PIX CLI information(e.g arp table, route table, Nat, interface information, etc.) and I'm trying to find out whether my model can adapt to other firewall vendors (vendor independent).
Ive been looking for documents on firewalls from different vendors but there are lack of documentations (e.g. configuration guidelines).
In summary, does other firewall vendors give similar information as PIX does? Yes/No?
Thank you for youur input.
12-16-2005 12:10 AM
yes, Netscreen firewall can give you similar information as PIX.
see following samples CLI:
ns-> get interface ethernet1 protocol ospf
VR: trust-vr RouterId: 212.1.1.1
----------------------------------
Interface: ethernet2/1
IpAddr: 20.20.20.20/16, OSPF: enabled, Router: enabled
Type: Ethernet Area: 0.0.0.10 Priority: 100 Cost: 1
Transit delay: 60s Retransmit interval: 5s Hello interval: 10s
Router Dead interval: 40s Authentication-Type: MD-5
Authentication-Key: ****************
MD-5 KeyId: 1
State: Designated Router DR: 20.20.20.20(self) BDR: 0.0.0.0
Neighbors:
Valid neighbor access list numbers in Vrouter (trust-vr)
----------------------------------------------------------------------
ns-> set interface ethernet1 protocol ospf authentication password 12345678
ns-> save
ns-> set interface ethernet1 zone trust
ns-> set interface ethernet1 ip 180.10.10.1/24
ns-> set interface ethernet1 route
ns-> set interface ethernet3 zone untrust
ns-> set interface ethernet3 ip 201.10.10.1/24
ns-> set vrouter trust-vr route 0.0.0.0/0 interface ethernet3 gateway 201.10.10.2
ns-> set address untrust dhcp_server 194.2.9.10/32
ns-> set ike gateway dhcp server ip 194.2.9.1 main outgoing-interface ethernet3 proposal rsa-g2-3des-sha
ns-> set vpn to_dhcp gateway dhcp server proposal g2-esp-3des-sha
ns-> set interface ethernet1 dhcp relay server-name 194.2.9.10
ns-> set interface ethernet1 dhcp relay vpn
ns-> set policy from trust to untrust any dhcp_server dhcp-relay tunnel vpn to_dhcp
ns-> set policy from untrust to trust dhcp_server any dhcp-relay tunnel vpn to_dhcp
ns-> save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide