Educause Security Discussion mailing list archives

Re: PIX/AS Vs. Linux/IPtables


From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Wed, 30 Sep 2009 12:09:51 -0500

No references, but since people are off on an entirely different topic, I'll re-thread my response.

Your ability to augment/backfill firewall administration may be rather simpler with Cisco's ASA than it would be with 
IPTables.  There are a large variety of professional-services groups with Cisco relationships, and I'm pretty much 
guessing that pool is smaller with IPTables.

Also, consider that part of the cost of IPTables would be sparing, depot issues, and build/release management.  For us, 
spread over a hundred locations across a good-sized state, the above issues generally hold sway over what might be a 
technically superior solution (like my fave, OpenBSD and PF).  I run PF very happily in a number of places, but none of 
them are places where I'd be woke up at 0200 if it broke.  

   -jml

ron behrang <ron4peace () YAHOO COM> 2009-09-29 21:38 >>>
Hello,  
Does anyone know of a good paper on the merits of using PIX/ASA instead of using Linux/iptables?
Thanks
Ron
