Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
0
Helpful
1
Replies

IOS FW and PIX FW

mo shea
Level 1
Level 1

‎10-16-2005 09:09 AM - edited ‎02-21-2020 12:28 AM

Hi..

One of our clients wants to be convinced that a powerful router (3700 & above)with FW IOS cannot replace a PIX FW in his network, which is comprised of a core router connecting to 6 routers via ATM and another router connected to the internet.

The main argument is whether to install FWs at the remote site (min 1000 employess each) or to have a FW IOS on the ATM routers, although he is not 100% sure of getting a FW behind his Internet router. I feel he is depending on the IOS FW way too much...

His arguments are as follows:

1- All ACL entries can be placed on the router instead of the FW, and performance is not that issue when installing powerful routers.

2- Redundant routers can be installed,hence the same result of PIX Failover.

He plans to buy IDSs for the sites which minimizes my headache, but I still want to know what important and convincing features he will be losing by replacing the pix FWs.

Any help is appreciated.

Thanks

0 Helpful
1 Reply 1

bobd
Level 1
Level 1

‎10-16-2005 12:43 PM

The Cisco IOS firewall can be a very solid choice for environments like you have described here. Multiple layers of security are of course always recommended, and an IDS/IPS solution would help to provide a very secure environment for your client. I would recommend a good read of the IOS firewall whitepaper at

http://www.cisco.com/en/US/partner/products/sw/secursw/ps1018/products_white_paper0900aecd8029d0a6.shtml

This outlines all the features of the IOS firewall, which now includes ESMTP inspection, which is one of the features not previously available.

For a description of the limitations and benefits of the IOS firewall and CBAC, take a look at

http://www.cisco.com/en/US/partner/products/sw/secursw/ps1018/products_white_paper09186a0080094658.shtml

which includes some info on redundancy and inspection limitations. One key point that you might note there is that the IOS Firewall doesn't support router redundancy, but does support interface redundancy and load sharing.

Bob

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card