Sunday, May 08, 2011

firewall-wizards Digest, Vol 58, Issue 6

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: is the ASA a true hardware solution? (ArkanoiD)
2. Re: is the ASA a true hardware solution? (Dave Brockman)
3. Re: is the ASA a true hardware solution? (david@lang.hm)
4. Re: is the ASA a true hardware solution? (Paul Melson)


----------------------------------------------------------------------

Message: 1
Date: Sat, 7 May 2011 00:37:53 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] is the ASA a true hardware solution?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20110506203753.GA5990@eltex.net>
Content-Type: text/plain; charset=koi8-r

Yes, it is basically a generic PC.

But why do you care?

On Thu, May 05, 2011 at 01:11:50PM -0400, Greg Whynott wrote:
>
> should one not have any sort of encryption needs, would this box considered a software firewall? I couldn't find one custom asic, module or other chip with a cisco brand stamp on it, beyond the flash.
>

------------------------------

Message: 2
Date: Fri, 06 May 2011 19:10:22 -0400
From: Dave Brockman <dave@brockmans.com>
Subject: Re: [fw-wiz] is the ASA a true hardware solution?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4DC47FDE.2060004@brockmans.com>
Content-Type: text/plain; charset=ISO-8859-1

On 5/5/2011 1:11 PM, Greg Whynott wrote:
>
> in the context of the never ending debates related to
> software/hardware firewalls...
>
>
> i was looking inside of our newest 5580, it appears to be a
> standard HP server box (DL585) with a hardware encryption
> accelerator option card inserted into a pci slot. everything else
> appears to be verbatim to what you would receive from HP if you
> ordered their high end x86 server box.
>
> should one not have any sort of encryption needs, would this box
> considered a software firewall? I couldn't find one custom asic,
> module or other chip with a cisco brand stamp on it, beyond the
> flash.
>
>
> thanks!
>
> -g

ASA devices are software firewalls w/ hardware accelerated encryption.
It also uses Linux and virtualization, although I'm not well versed in
the specifics, but I believe a search on Google should lend more.

Regards,

dtb


------------------------------

Message: 3
Date: Fri, 6 May 2011 14:01:02 -0700 (PDT)
From: david@lang.hm
Subject: Re: [fw-wiz] is the ASA a true hardware solution?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <alpine.DEB.2.00.1105061357410.21123@asgard.lang.hm>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

the pix/asa firewalls have been standard PC chips/motherboards for many
years. the only place you see ASICs is on the very high end devices, and
there it's on the network interfaces.

however, as far as management is concerned, this is a 'hardware' firewall,
not a software firewall because it is not running a commodity OS (the fact
that it's still running an OS, just a proprietary one, slips past them)


On Thu, 5 May 2011, Greg Whynott wrote:

> in the context of the never ending debates related to software/hardware firewalls...
>
>
> i was looking inside of our newest 5580, it appears to be a standard HP server box (DL585) with a hardware encryption accelerator option card inserted into a pci slot. everything else appears to be verbatim to what you would receive from HP if you ordered their high end x86 server box.
>
> should one not have any sort of encryption needs, would this box considered a software firewall? I couldn't find one custom asic, module or other chip with a cisco brand stamp on it, beyond the flash.
>
>
> thanks!
>
> -g


------------------------------

Message: 4
Date: Fri, 6 May 2011 17:45:59 -0400
From: Paul Melson <pmelson@gmail.com>
Subject: Re: [fw-wiz] is the ASA a true hardware solution?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Cc: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <951197B1-B1B4-4735-B250-F5DB39AEE9E6@gmail.com>
Content-Type: text/plain; charset=us-ascii

On May 5, 2011, at 1:11 PM, Greg Whynott <Greg.Whynott@oicr.on.ca> wrote:

>
> in the context of the never ending debates related to software/hardware firewalls...
>
>
> i was looking inside of our newest 5580, it appears to be a standard HP server box (DL585) with a hardware encryption accelerator option card inserted into a pci slot. everything else appears to be verbatim to what you would receive from HP if you ordered their high end x86 server box.
>
> should one not have any sort of encryption needs, would this box considered a software firewall? I couldn't find one custom asic, module or other chip with a cisco brand stamp on it, beyond the flash.
>
>
> thanks!
>
> -g

I can remember 10 years ago building a frankenPIX out of a PPro desktop, some Intel NICs, and the flash card spare from a Cisco PIX 520. It ran 6.1 beautifully and thought it was a PIX 515E. So, yes, it is and probably always has been possible to run PIX OS on non-Cisco hardware.

But since Cisco doesn't offer it that way, or support it that way, it's fair to refer to it as a hardware firewall. Unless you want to dissect the broader topic of where hardware ends and software begins. In which case, this is the one true hardware firewall:

http://www.ranum.com/security/computer_security/papers/a1-firewall/

PaulM

------------------------------


End of firewall-wizards Digest, Vol 58, Issue 6
***********************************************