Great Circle Associates Firewalls
(December 1996)
 


Subject: Re: Cisco's PIX Firewall
From: jeromie @ garrison . com (Jeromie Jackson)
Date: Wed, 4 Dec 96 11:55:22 CST
To: firewalls @ GreatCircle . COM, dochin @ cisco . com
Cc: lazar @ netevolve . com, mhoward @ cisco . com, froys @ cisco . com, jlw @ cisco . com, afoss @ cisco . com, amittal @ cisco . com

> To clarify the PIX Firewall, it is not a packet filter.  It is a dedicated
> security device, built with one purpose in mind -- securing the private LAN
> to the Internet.
> 

	Hmm, from what I've seen, it certainly does qualify as an IP filtering
device.  It bases its ACLs on header information, namely src, port, dst, port, flags.
It obviously is not an application level gateway, therefore you may be competing
with TIS/Raptor for market share, although it is quite different technology.
It appears to be a packet filtering device that has NAT capabilities...

> We are in fact directly in competition with Checkpoint, Raptor, TIS, etc.
> The "cut-through proxy" feature provides a significant performance
> enhancement to the security function since users are authenticated at the
> application layer.  Once authenticated, the process flow shifts back to the
> network layer which provides the high performance.

	I would have to agree that most likely there is a performance 
enhancement by using PIX instead of an application level gateway.  My question
would be, if the PIX product is a firewall, how is it securing the 
sendmail/mail transport agent for the customers?  When mail comes inbound,
it has to speak to something.  Since PIX does not have an MTA itself, obviously 
another box is required.  If this is so, the level of security of the MTA is
crucial...  This seems to be a bad thing.

	Also, using something like PIX, are there features that allow filtering
of data such as email-content, or java/javascript?  What about time based
access control? Or what about data reduction utilities to utilize the syslog
information that I would assume the PIX can provide...?

Jeromie Jackson
Garrison Technologies
jeromie @ garrison . com
