02-13-2002 11:15 AM - edited 03-08-2019 09:48 PM
Does CISCO products employ stateful firewall technology? Is there any reference model of that technology?
It is said Stateful Firewall is as secure as proxy firewall, how can compare them, I mean quantitively?
thx
Dong
02-13-2002 12:40 PM
PIX models 515 and up have that capability.
To deploy it you'll need to dedicate one interface on each PIX for state information exchange and connect two boxes with Ethernet crossover cable.
The interface settings should be 100full on both boxes.
As about price - that's probably the cheapest solution available on the market now.
02-14-2002 03:41 AM
Stateful Firewall means maintaining a table of information on each connection that is present in the firewall. The PIX has the edge over Proxy firewalls with its "cut through proxy" ability.
This checks the first packet in a session and then utilising uauth and the state table fast switches all susequent packets. Proxies must check every packet, passing them up and down the tcp/ip stack.
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pix_pa.htm
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pie_ds.htm
There may have been a misunderstanding.
Failover will require a dedicated serial cable and failover feature activation as well as the items mentioned by eenest.
Full details here
http://cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/failover.htm
02-25-2002 07:10 PM
The Cisco IOS Firewall Features Set includes stateful firewalls, and they are fairly easy to set up. I personally have a low-end Cisco 806 with the FW IOS.
04-24-2002 04:25 AM
Is IOS Firewall Feature set an optional package that one must purchase or it is something I can download at Cisco? I just purchased a 806 and not too familiar with what Cisco is offering.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide