If you are going to use the Ascend you need to get their Secure Access Firewall. The filters are VERY limiting but you can fix that with the Firewall product. Great GUI interface.
----------
From: Roger Marquis[SMTP:marquis @
roble .
com]
Sent: Monday, February 09, 1998 3:13 AM
To: Firewalls @
GreatCircle .
COM
Subject: Re: Livingston & Ascend
On Thu, 5 Feb 1998 07:56:27 "Delia Garcia" <delia @
gate .
net> wrote:
> Hi, new to group. Recently switched companies and have gone from a
> Livingston and Firewall solution to an Ascend solution. Ascend was chosen
> by our ISP, but I know nothing about them. I think the solution is more
> like the Livingston, mainly packet-filtering, but I am not sure. Is anyone
> there using ASCEND, if so can you let me know what you think of it, compared
> to PIC, Livingston, or Firewall 1.
Good luck with Ascend filters. We've found them to be inferior to
Livingston and Cisco due to the user interface. You'll also be
limited in the total number of filters which can be applied, typically
24 in each direction (12 ether-out + 12 wan-in).
Be sure to read the security section in their manuals, in short:
1) scramble the SNMP passwords,
2) assign telnet and security passwords,
3) change the default password for "Full Access",
4) (define WAN and ethernet filters),
5) disable remote admin,
6) disable ICMP redirects (verify environment),
7) use CHAP where possible, PAP otherwise,
8) require profile = yes,
9) enable syslog (check loghost, local#),
10) upgrade to 5.1A+ for better logging.
Roger Marquis
Roble Systems Consulting
http://www.roble.com/consulting
|
|
