Monday, June 12, 2006

Linux Netfilter is better than PIX

Well, in some aspects...
The other day I was trying to migrate a Linux Netfilter based firewall onto a Cisco PIX device.
I really felt pity for PIX. The GUI was very ill designed; many things were just so bad in the GUI that I decided to switch over to its CLI. I tried adding a new NAT rule, it went wrong, and then when I tried to delete it, it started giving errors. When I did the same with the CLI, it worked well. When I tried to change the interface IP of the mgmt interface, it said the DHCP server is in a different range so you can't change it. Vice versa, the DHCP said the interface IP was on a different subnet. Finally the CLI worked.
Then to the rules. I don't know why Cisco feels that two external IPs should not be mapped to an internal IP. Iptables just flawlessly allows it. I've really lost the big impression I had about PIX. Though it's better than the Checkpoint Firewall-1 that I have used on Nortel Contivity boxes, it still doesn't have many features that Netfilter has. Well, it does have a few that Netfilter doesn't have too... But then PIX is supposed to be the best in the market...
Well, it didn't convince me...
