[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] PIX vs CheckPoint
- To: "Gary E. Miller" <gem@xxxxxxxxxx>
- Subject: Re: [Full-Disclosure] PIX vs CheckPoint
- From: Matt Ostiguy <ostiguy@xxxxxxxxx>
- Date: Tue, 29 Jun 2004 22:12:40 -0400
On Tue, 29 Jun 2004 16:57:42 -0700 (PDT), Gary E. Miller <gem@xxxxxxxxxx> wrote:
>
> I agree, except for one small problem. Don't you still have to delete
> ALL the filter rules, and reenter them ALL to change the order of the
> rules? last I checked there was no "insert before", "insert at top" sort
> of options. Just "insert at end". This and other features can really
> slow down the otherwise decent CLI.
>
PIX OS 6.2 (IIRC) introduced a feature for line editing:
access list ostiguy line 15... should enter this line as line 15 in the acl.
no access list ostiguy line 12 should delete line 12 of the acl.
> Another bad thing about the PIX CLI is that is looks a lot like the IOS CLI,
> but has lots of subtle differences that will byte you when you least expect
> it.
>
> RGDS
> GARY
I can't think of an instance where this is a bad thing, as generally,
the pix is more forgiving than IOS, as all the show commands work in a
PIXen's configuration mode.
ostiguy
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html