Re: Cisco 1721 firewall vs PIX

bbeck · ‎01-20-2005

At my new job, I am no longer in the role of supporting our Firewall/VPN (all done at Corporate). I've recently been told that they are replacing all of our PIX firewalls with 1721 Routers to handle our Firewall/VPN connections. My previous experience showed me that running the firewall software on your router wasn't the best solution if you had much traffic on it. We have 100-200 users at multiple locations with VPN tunnels between each of them and to Corporate for email and internet access).

According to our network "Expert" at corporate "in the past year it (Cisco 1721) is basically replacing the pix - they are using the same basic ios as the pix - so it has that firewall - but a better vpn and the same routing"

Does this sound remotely accurate to anyone? I figured it would be easiest to find out here, and I don't have much faith in the experts opinions so far. Thanks.

nkhawaja · ‎01-21-2005

Now it all depends on what you are comparing 1721 with.

I dont know the numbers, but i belive that a dedicated firewall will outperform a router running IOSFW.

it is not true that pix is using the same basic ios as 1721.

thanks

Nadeem

bbeck · ‎02-03-2005

Comparing with PIX 515E / Cisco 1721 combo. 1721 handles the routing and PIX handles the firewall. Mostly concerned that we are making a big mistake by using the 1721 for the firewall instead of keeping things separate.

jboyer · ‎02-04-2005

The capabilities are very similar but the Pix 515e has more capacity and expandability than a 1720 router. The only reason I could understand replacing one for the other is if Mr. Expert is only comfortable supporting IOS and not Pix OS.