Last month I saw a presentation focused at security.
The latter half of the presentation was very misleading (to say the least)
regarding firewall solution and how PIX fit in.
I must say though that earlier this year I saw a similar presentation (also
from a PIX 'person') although advocating PIX was very informational
and did address PIX as a part of a bigger picture.
I don't belive that all services should be on a single box. But some
firewalls are offering those features and it should be taken into account
when comparing costs
> At 05:37 PM 11/25/97 +0000, you wrote:
> >*Some* sale people have presented pix as a firewall that only takes a few
> >minutes to set up and voila: you have a Firewall.
> >They compare it's price to Firewalls that do a lot more than PIX.
> >In their presentation the carefully try not to mention problems such as
> >securing mail or DNS, and don't seem to know what DMZ is.
> I would be curious to know if you have been receiving "bad" information
> from people.
Not at all.
I even think it is very competively priced and usefull.
> Also, I would be curious to know to which problems with Mail and DNS
> you are referring, as there is some mail and DNS protection provided
> with the PIX, albeit not complete.
> Thanks for your help.
I was not referring to specific problems (I only mentioned how in some
cases PIX has been presented).
The point I was trying to make is that most people are looking for a
firewall solution, including proper ('secure') setup of DNS and sendmail.
It means more than adding a single box.
Setting up PIX won't be enough if your sendmail daemon is 5 years old.
As people know it might even not be enough to have smapd on a
firewall/gateway if there is an old bugged sendmail daemon on the inside.