lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
From: jeff-kell at utc.edu (Jeff Kell)
Subject: PIX vs CheckPoint

Eric Paynter wrote:

> On Tue, June 29, 2004 4:57 pm, Gary E. Miller said:
> 
>>I agree, except for one small problem.  Don't you still have to delete
>>ALL the filter rules, and reenter them ALL to change the order of the
>>rules?
> 
> I don't administer the PIX boxes, so I don't know the details of the
> interface. My statements were based on what the admins told me. However,
> isn't the beauty of any CLI app that you can do all your administration
> through simple scripts?

Sometimes it is an erase-and-redo operation, sometimes not; depends on 
the task you are trying to do and the software release.  Someone earlier 
mentioned the PDM (PIX Device Manager) being a nightmare, but I find it 
to be absolutely wonderful for certain tasks.  You don't want to use it 
for batch/bulk updates/configs, but it certainly has its strong points 
(especially current versions of PDM and PIX software).

And yes, PIX logs are extremely verbose <ahem>.   Especially if you have 
it log URLs (which we aren't, but still get 5-10 gigs/day of logs).

Jeff

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux