xeltros
Jan 22, 2014 Apprentice
Cisco firewall before RN104.
Hi guys, I know this forum is for ReadyNAS, but I struggle configuring Cisco NAT to provide external access to my ReadyNAS. I was wondering if someone could be of some help here. I bought a cheap s...
anonemouse
Feb 10, 2014 Aspirant
"Layer 7 means applicative filtering. I think Cisco can differentiate SSH from HTTP no matter the TCP port used, so it's more than layer 4. That said, it is limited to some protocols and is nowhere near what Checkpoint can do, but I think it will be better than IPTables anyway. What you mean by it's not layer 7 is that it only reads headers and does not test the entire instructions of the packet?"
Ah, you must be referring to the T train NBAR-based FW. That application recognition technology is pretty basic and limited; also, I wouldn't advocate using anything but "well known port" policies when using a FW to essentially reduce the attack surface, as you seem to be doing.
Application-based FW features are really for "acceptable use" type purposes, i.e. don't allow BitTorrent traffic out of my network, stop people from using Dropbox, etc.
A.