RE: ISA vs. Firewall
- From: "Gabriele" <Gabriele@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 9 Apr 2005 10:23:26 -0700
Steve,
a littel things...
Ok for the FW that is an aggregation of, acl and rukes...
but for exemple: an ACL on Cisco devices (l3 switch, 3550, 3750, 4000, 6000
and so on) are based on layer 3 filtering (network layer).
A firewall full inspection (checkpoint, symantec...) can work up to leyer 7
(application): so the fw can open all packet and look inside..
With an ACL you can encapsulationg dangerous code inside an packet over tcp
port 80 (http) but based on other application like FTP. The acl leave free
access for protocol tcp port 80 but cannot "understand" what kind of
application is inside of the packets...
FW can do that !!
Same thing for the nat
bye
Gabriele
"SP" wrote:
> I'm starting to explore ISA so my questions may be off.
>
> I'm sure many of you are familiar with WatchGuard boxes (X500, X700, for
> example). Is it safe to equate ISA with firewalls ? If not, never mind my
> question. If yes, where is ISA ? A high-end firewall ? Or, somewhere in
> the middle ?
>
> Is there a server naming convention when setting up ISA ? Does it have to
> be FQDN ?
>
> If ISA sits behind a firewall but is placed on DMZ, is it better off to get
> rid of the firewall altogether ?
>
> Thanks
> Steve
>
>
>
.
- References:
- ISA vs. Firewall
- From: SP
- ISA vs. Firewall
- Prev by Date: Re: ISA2004 - Can users access web pages when ISA Internet Connection Down?
- Next by Date: Re: Cache error
- Previous by thread: Re: ISA vs. Firewall
- Next by thread: ISA 2000 Firewall Log
- Index(es):
Relevant Pages
|
