Cisco Support Community
Community Member

Stateful Firewall

Do CISCO products employ stateful firewall technology? Is there any reference model of that technology?

It is said that a stateful firewall is as secure as a proxy firewall; how can one compare them, I mean quantitatively?

thx

Dong

4 REPLIES
Community Member

Re: Stateful Firewall

PIX models 515 and up have that capability.

To deploy it you'll need to dedicate one interface on each PIX for state information exchange and connect two boxes with Ethernet crossover cable.

The interface settings should be 100full on both boxes.

As for price - that's probably the cheapest solution available on the market now.

Community Member

Re: Stateful Firewall

Stateful Firewall means maintaining a table of information on each connection that is present in the firewall. The PIX has the edge over Proxy firewalls with its "cut through proxy" ability.

This checks the first packet in a session and then, utilising uauth and the state table, fast switches all subsequent packets. Proxies must check every packet, passing them up and down the TCP/IP stack.

http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pix_pa.htm

http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pie_ds.htm

There may have been a misunderstanding.

Failover will require a dedicated serial cable and failover feature activation as well as the items mentioned by eenest.

Full details here

http://cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/failover.htm
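Added example, not part of any reply in this thread and not Cisco code: a toy connection table showing the behaviour described in the reply above, where the rule base is consulted only for the first packet of a session and later packets are matched against state. The class and field names, the addresses and the allowed-port policy are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN"})

class StatefulFilter:
    """Toy inside-to-outside TCP filter (hypothetical, not PIX code)."""

    def __init__(self, allowed_dports):
        self.allowed_dports = set(allowed_dports)  # constructed outbound policy
        self.table = {}       # (in_ip, in_port, out_ip, out_port) -> state
        self.rule_checks = 0  # how often the rule base was consulted

    def outbound(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.table:
            return self._track(key, p)  # fast path: state lookup only
        # Slow path: only a bare SYN may create state, and only if policy allows.
        self.rule_checks += 1
        if p.flags == {"SYN"} and p.dport in self.allowed_dports:
            self.table[key] = "SYN_SENT"
            return True
        return False

    def inbound(self, p):
        key = (p.dst, p.dport, p.src, p.sport)  # reversed 4-tuple
        if key not in self.table:
            return False  # unsolicited: matches no tracked connection
        if self.table[key] == "SYN_SENT" and "RST" not in p.flags:
            if p.flags != {"SYN", "ACK"}:
                return False  # anything but SYN/ACK is out of sequence here
            self.table[key] = "ESTABLISHED"
            return True
        return self._track(key, p)

    def _track(self, key, p):
        if "RST" in p.flags:
            del self.table[key]  # teardown; FIN handling and timeouts omitted
        return True
```

Inbound packets are accepted only when they match the reversed 4-tuple of a connection opened from the inside, which is the property a stateless port filter cannot give.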

Community Member

Re: Stateful Firewall

The Cisco IOS Firewall Features Set includes stateful firewalls, and they are fairly easy to set up. I personally have a low-end Cisco 806 with the FW IOS.

Community Member

Re: Stateful Firewall

Is the IOS Firewall Feature Set an optional package that one must purchase, or is it something I can download from Cisco? I just purchased an 806 and am not too familiar with what Cisco is offering.
