Thread: DNS Doctoring
2007-10-17
cciesec2006
Re: DNS Doctoring

As someone who has been working with Cisco Pix/ASA for the past
eight years, I can tell you that Pix/ASA is a piece of sh_t. Checkpoint
is much superior when it comes to setting up rules, NAT, etc.

For example, with Checkpoint, you have host A = 10.1.1.1/24 and
host B = 10.1.1.2/24 and they are static NATted by Checkpoint to
4.1.1.1 and 4.1.1.2, respectively. Host A CAN talk to host B via the 4.1.1.1
and 4.1.1.2 IP addresses. There is NO way that Cisco Pix can do this,
two hosts on the same network communicating with each other via
static NATted IP addresses.

The stupid Pix/ASA limitations come from the security level. It is a pain
in the ass and causes a lot of headaches for everyone.

You do not need DNS doctoring (alias or whatever Cisco calls it now) in
Checkpoint.

My 2c.