New Member

multi-vendor firewalls question..

Hi,

I'm trying to find out whether other firewall products are better than the Cisco firewall. I have experience with Cisco PIX but not with other products such as Nortel, 3Com or Juniper Networks firewalls.

The PIX gives you useful information such as the ARP table, xlate, interface information, static and routing table information, etc.

So if anyone has any experience with other vendors' firewalls (e.g. Check Point, Juniper Networks), please let me know whether they give similar information as the Cisco PIX does.

Thank you in advance,

Merry xmas, and all the best for the new year.

Please help me if you know... I need the answer ASAP.

1 ACCEPTED SOLUTION

Bronze

Re: multi-vendor firewalls question..

Yes, the NetScreen firewall can give you similar information to the PIX.

See the following sample CLI:

ns-> get interface ethernet1 protocol ospf

VR: trust-vr RouterId: 212.1.1.1

----------------------------------

Interface: ethernet2/1

IpAddr: 20.20.20.20/16, OSPF: enabled, Router: enabled

Type: Ethernet Area: 0.0.0.10 Priority: 100 Cost: 1

Transit delay: 60s Retransmit interval: 5s Hello interval: 10s

Router Dead interval: 40s Authentication-Type: MD-5

Authentication-Key: ****************

MD-5 KeyId: 1

State: Designated Router DR: 20.20.20.20(self) BDR: 0.0.0.0

Neighbors:

Valid neighbor access list numbers in Vrouter (trust-vr)

----------------------------------------------------------------------

ns-> set interface ethernet1 protocol ospf authentication password 12345678

ns-> save

ns-> set interface ethernet1 zone trust

ns-> set interface ethernet1 ip 180.10.10.1/24

ns-> set interface ethernet1 route

ns-> set interface ethernet3 zone untrust

ns-> set interface ethernet3 ip 201.10.10.1/24

ns-> set vrouter trust-vr route 0.0.0.0/0 interface ethernet3 gateway 201.10.10.2

ns-> set address untrust dhcp_server 194.2.9.10/32

ns-> set ike gateway "dhcp server" ip 194.2.9.1 main outgoing-interface ethernet3 proposal rsa-g2-3des-sha

ns-> set vpn to_dhcp gateway "dhcp server" proposal g2-esp-3des-sha

ns-> set interface ethernet1 dhcp relay server-name 194.2.9.10

ns-> set interface ethernet1 dhcp relay vpn

ns-> set policy from trust to untrust any dhcp_server dhcp-relay tunnel vpn to_dhcp

ns-> set policy from untrust to trust dhcp_server any dhcp-relay tunnel vpn to_dhcp

ns-> save
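
The `set` lines in the answer above carry interface, route, address and policy data that can be folded into one vendor-neutral record and sanity-checked. The Python below is an added example, not part of the original post or any vendor's tooling; the dictionary schema and the names `parse_set_lines` and `off_link_gateways` are assumptions made for the illustration, and the sample input is constructed from lines in the answer.

```python
import ipaddress
import shlex

# Constructed sample: a subset of the lines from the answer, prompt included.
SAMPLE = """\
ns-> set interface ethernet1 zone trust
ns-> set interface ethernet1 ip 180.10.10.1/24
ns-> set interface ethernet1 route
ns-> set interface ethernet3 zone untrust
ns-> set interface ethernet3 ip 201.10.10.1/24
ns-> set vrouter trust-vr route 0.0.0.0/0 interface ethernet3 gateway 201.10.10.2
ns-> set address untrust dhcp_server 194.2.9.10/32
ns-> set ike gateway “dhcp server” ip 194.2.9.1 main outgoing-interface ethernet3 proposal rsa-g2-3des-sha
ns-> set policy from trust to untrust any dhcp_server dhcp-relay tunnel vpn to_dhcp
"""

def parse_set_lines(text):
    """Fold `set` lines into a vendor-neutral dict (the schema is this example's own)."""
    m = {"interfaces": {}, "routes": [], "addresses": {}, "policies": [], "unparsed": []}
    for raw in text.splitlines():
        # Drop the CLI prompt; turn the curly quotes from the forum into shell quotes.
        line = raw.replace("ns->", "", 1).strip().replace("“", '"').replace("”", '"')
        t = shlex.split(line)
        if not t or t == ["save"]:
            continue
        key, n = t[:2], len(t)
        if key == ["set", "interface"] and n == 5 and t[3] == "zone":
            m["interfaces"].setdefault(t[2], {})["zone"] = t[4]
        elif key == ["set", "interface"] and n == 5 and t[3] == "ip":
            ip = ipaddress.ip_interface(t[4])
            m["interfaces"].setdefault(t[2], {}).update(ip=str(ip.ip), network=str(ip.network))
        elif key == ["set", "interface"] and n == 4 and t[3] in ("route", "nat"):
            m["interfaces"].setdefault(t[2], {})["mode"] = t[3]
        elif key == ["set", "vrouter"] and n == 9 and (t[3], t[5], t[7]) == ("route", "interface", "gateway"):
            m["routes"].append({"vrouter": t[2], "prefix": t[4], "interface": t[6], "gateway": t[8]})
        elif key == ["set", "address"] and n == 5:
            m["addresses"][t[3]] = {"zone": t[2], "prefix": t[4]}
        elif key == ["set", "policy"] and n >= 10 and (t[2], t[4]) == ("from", "to"):
            m["policies"].append({"from": t[3], "to": t[5], "src": t[6], "dst": t[7],
                                  "service": t[8], "action": " ".join(t[9:])})
        else:
            m["unparsed"].append(line)  # keep what the model cannot represent visible
    return m

def off_link_gateways(m):
    """Routes whose next hop lies outside the egress interface's subnet."""
    nets = {k: ipaddress.ip_network(v["network"]) for k, v in m["interfaces"].items() if "network" in v}
    return [r for r in m["routes"]
            if r["interface"] not in nets or ipaddress.ip_address(r["gateway"]) not in nets[r["interface"]]]
```

Lines the parser does not recognise, such as the IKE gateway definition, land in `unparsed` rather than being dropped, so gaps in the model stay visible when another vendor's syntax is added.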

3 REPLIES
Bronze

Re: multi-vendor firewalls question..

Hi,

Before looking into the other vendors, see the Cisco ASA series (http://www.cisco.com/en/US/products/ps6120/index.html).

Anyway, I have experience with the Juniper NS-500 (NetScreen) and I suggest you read its documentation.

Merry xmas.

Mehrdad

New Member

Re: multi-vendor firewalls question..

Hi Mehrdad,

Thank you for the information. I'm trying to find out whether other firewall vendors give similar information as Cisco PIX.

I'm creating a model based on PIX CLI information (e.g. ARP table, route table, NAT, interface information, etc.) and I'm trying to find out whether my model can adapt to other firewall vendors (vendor independent).

I've been looking for documents on firewalls from different vendors, but there is a lack of documentation (e.g. configuration guidelines).

In summary, do other firewall vendors give similar information as PIX does? Yes/No?

Thank you for your input.
