On Tue, 4 Nov 1997, Andreas Siegert wrote:
> I am looking for Information on the filtering capabilities of Bay networks
> Routers. I know that there is a firewall-1 Module for them, but I am looking
> for the basic stuff. Can I do sensible Syn/Ack checks with plenty of rules,
> specific to in and outbound traffic? Can I log all specific to rules?
> I have seen quite a few of their web pages, but all I found was rather crude
> (only 31 rules, no SYN/ACK check), is that really true in current releases?
> thanks for any hints
With 10.x GAME they got to 128 rules but, at least with what I've seen,
the general efficiency of filtering is much worse than with IOS. (I
suspect there must be substantially different algorithmic approaches in
the internal code between Bay/Cisco.) We ended up replacing all the Bay
stuff with Cisco 7206s where we needing filtering rules. Even end users
commented on the perceptible difference in "crispness" in surfing the Web,
etc. The logging is much weaker than with IOS (you can tell if it dropped
a TCP or UDP packet but not the source or destination ports of the packet)
and the management software (Site Manager) is - well let's be charitable
and say it is an excellent late '80s implementation of an engineer's tool
that Marketing must have decided to "get a GUI" for.
I like Bay's switches but they have traditionally been a few years
behind the curve with router technology, at least in terms of feature set.
They are supposedly quite fast but, again in anecdotal observation, are
not well suited to "high accountability" projects.
Enough opinion for you? ;-)