RE: Cisco 2611 as a firewall?

[Scott Stone <SStone@example.com>]

configuring BASIC routing on a linux box isn't hard.  but ... 35 routers?
they're probably doing something interesting... OSPF? BGP?  have you tried
setting up gated on linux?  go take a look *evil grin*

As far as linux boxes failing - I'm not really saying that it's the OS
itself that would fail, I was pointing more at hard drives.  Cisco routers
have a FLASH filesystem, all solid state, no spinning hard disk to fail.
Same with PIX firewalls.

as for needing a physician's supervision to configure a Cisco - they're
cake.  even a PIX firewall can be put up and running in about 6 commands.
(wouldn't be very useful with the 6-command configuration, but.. )  a router
is really easy.  all the networking stuff is right there in front of you.  I
can show you a sample configuration from one of the routers here in the Taos
lab if you like.

Cisco's CLI is super easy to deal with as well.  Yeah, really, a
user-friendly CLI, imagine that :)

now excuse me, I'm going to drive home now and play with Snort a
little....I'm becoming somewhat of a security nazi, at least WRT my own
systems.  Trying to lock down everythign as tight as possible, and I wanna
know if people are doing evilbad things to me...

-----------------------------------------------------
Scott M. Stone <sstone@example.com>
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA


-----Original Message-----
From: Jean-Christian Imbeault [mailto:jean_christian@example.com]
Sent: Wednesday, May 16, 2001 5:48 PM
To: tlug@example.com
Subject: RE: Cisco 2611 as a firewall?


>in many situations, replacing 35 cisco routers with linux laptops is very 
>likely to get you shot repeatedly :)

Ok, that's *one* good reason :)

>First of all, the routers are MUCH easier to maintain as routers than a
>Linux box would be - ie, they're embedded systems that do nothing BUT 
>route,
>and as such their operating system is optimized to do so.

Ok, but how hard is it to configure a Linux box to act as a simple 
gateway/router, uh? :)

>Secondly, a Cisco router has almost no moving parts - one fan and that's 
>it. Everything is solid-state.

That's a good point. But to be honest I can't say I've had that many Linux 
boxes crash on me, so I'd say they're pretty stable. And even if they did 
crash, flip the switch and it's usually back up again unless it's a hard 
disk crash or something similar.

>Thirdly, Cisco routers (newer ones, anyway) have modular hardware ports so
>you can add neat stuff like integrated T1 CSU/DSU modules and such.  Ok,
>sure, the laptops have PCMCIA, but..

This is what I would consider a very valid point. Modularity is defintely a 
plus. In my case it might not be a necessity but defintely worth thinking 
about.

>Fourth, Cisco support.  Cisco probably has the best customer service of
>*any* company that I have ever dealt with, in any field.  And I usually 
>hate
>dealing with customer service...

Point well taken. But in our case we have never had to call Cisco. Never had

a reason to. But also I've heard that configuring Cisco routers is a pretty 
though thing that should only be done under a physician's supervision, 
unless you happened to be Cisco certified :)

And configuring a Linux gateway is not all that difficult it seems.

I sure don't want to get shot but the cost savings seem to be justifiable 
... or I'm missing something basic.

Jc
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

-----------------------------------------------------------------------
Next Technical Meeting:  Sat, May 12 13:30- 
Next Nomikai Meeting:    Fri, June (TBA) 19:30- Tengu Tokyo Eki Mae
-----------------------------------------------------------------------
more info: http://www.tlug.gr.jp           Sponsor: Global Online Japan