Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
2
Replies

IOS FW vs. Pix

dan.tesch
Level 1
Level 1

‎09-23-2004 04:39 AM - edited ‎02-20-2020 11:38 PM

Can someone give me the basic difference between

using IOS with firewall and a full featured FW or PIX? I have to believe there must be some differences other than maybe load it can handle?

My dealer rep. told us that basically they can do the same thing.

0 Helpful
2 Replies 2

jroyster
Level 1
Level 1

‎09-27-2004 12:31 PM

I'm very interested in an indepth discussion as well.

The PIX has what I believe a very different means of firewalling (I forget the name of it at the moment) in how it examines packets/conversations and the inherent rules used.

Where I "believe" the IOS firewall is more of a straight stateful inspection firewall.

Both PIX and IOS have limited IDS built in.

This begs the old addage "let a firewall be a firewall and a router route" because in my opinion the PIX is a terrible router but a great firewall.

0 Helpful

piseli
Level 1
Level 1
In response to jroyster

‎09-28-2004 10:38 AM

SAFE Blueprints says to this topic:

At many points in the network design process, you need to choose between using integrated functionality in a network device versus using a specialized functional appliance. The integrated functionality is often attractive because you can implement it on existing equipment, or because the features can interoperate with the rest of the device to provide a better functional solution. Appliances are often used when the depth of functionality required is very advanced or when performance needs require using specialized hardware. Make your decisions based on the capacity and functionality of the appliance versus the integration advantage of the device. For example, sometimes you can choose an integrated higher-capacity Cisco IOS® router with IOS firewall software as opposed to a smaller IOS router with a separate firewall. Throughout this architecture, both types of systems are used. When the design requirements did not dictate a specific choice, the design opted to go with integrated functionality in order to reduce the overall cost of the solution.

Link:

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008009c8a0.shtml

1.) I think the question is about if you need special devices as Serial and ADSL interfaces for Firewalling as it is supported by the IOS Firewall. The PIX is more limitated in which devices it support, usually Ethernet, Fastethernet and Gigabit Ethernet interfaces.

2.) Both of them are Statefull Firewalls.

3.) PIX is a high performance applicance that has limited QOS and Routing features.

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card