kdachicks.blogg.se

What is Cisco ASA

NetFlow v9, but it's not similar to the NetFlow v9 that most routers export, which could cause issues with certain collectors.

It also has a failed-login delay block, to protect against brute-force attempts or misuse from failed logins.

  • Fortinet FortiGuard is quite awesome and very mature and advanced.
  • Both units allow common management protocols, with the Fortinet allowing you to change SSH/Telnet ports and restrict access to a user.
  • IDS protection is part of the appliance hardware ( no add-on card/module, no special licensing or restrictions ).
  • Requires some IDS engine or card that is managed separately, with possible license restrictions.
  • Supports custom rules, but not very user friendly.
  • Duplicates can be installed with no warning, causing issues when auditing policies.
  • Policies are built zone to zone or interface to interface, similar to Juniper.
  • Uses an ACL approach for the ingress/egress interface, and no other direction is required.
  • Cisco also eliminates duplicates by disallowing the entry of duplicate ACL lines within a single access-list.
  • Getting better, but IPv6 support is still quite new in the ASA lineup.
  • Been IPv6 enabled for at least 6+ years now, but we still don't have OSPFv3 authentication :(
  • One big configuration file, with no separation for the unique vdoms.
  • By default all interfaces are part of the vdom root, so enabling vdom support does not drop any interfaces, policies or configurations if you're going from a vdom-less to a vdom concept.
  • Vdoms support all open routing protocols ( RIP, OSPF, BGP, IS-IS ), and are not as restrictive.
  • Supports a minimum of 10 vdom ( virtual domains ).
  • Just enabling the multi-context mode feature requires a reboot.
  • Also, management of the context configuration files is awkward and confusing the first time that you deploy the configuration files.
  • And then in multi-context mode, you're limited to just OSPF or EIGRP (IPv4), with no dynamic routing protocols for IPv6.
  • Contexts in ASA don't support any remote-access VPN, and until recently no dynamic routing protocols.
  • Cisco contexts are very restrictive; typically you are limited to 3-4 contexts ( except on an ASA5505, where no contexts are available ).
  • Supports blackhole routes via null-interface.
  • Typically one relies on the next-hop device, or just ACL'ing off the traffic.
  • Only has 1 or 2 license types ( vdom and forticlients ).
  • Licensing is not additive ( e.g. if you have 25 VPN peers and want 25 more, you have to buy a 50 VPN peer license and can't buy a 25 peer license ).

In this post we will go over some of the differences between these 2 models of firewalls.

  • Cisco has a whole gamut of licensing that can be applied, and it can be quite confusing.






