Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2855
Views
0
Helpful
3
Replies

is Router will do statefull Packet inspection like cisco ASA

nagaprasad123
Level 1
Level 1

‎03-06-2014 12:13 AM - edited ‎03-11-2019 08:54 PM

Hi Team

Can cisco routers will support statefull inspection if so how ?

I was attended an interview, in the managar round he asked me what is the main  difference between Firewall and router/l3 switch ?

in place of firewall we can use router also then why again we need a firewall ?

i just started some basic functionalities of how firewall and router will work. even though the managar not  agree what exactly difference between them.

can any one please guide me what exactly the difference.

looking forward your immediate response.

Thanks

NagaPrasad

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎03-06-2014 04:30 AM

Well by default the L3 router/Switch will not have such a stateful table as the ASA firewall for example so if you have ACLs on a pair of interfaces traffic flowing through the box that matches an existing session will go trough without any user configuration intervention.

On a regular L3 device you must explicitly allow the traffic

Note that Cisco Routers support CBAC and ZBFW which basically turn on a Firewall Feature.

Cisco Switches such as the 6500 family support the FWSM and now the ASA-SM which also brings into consideration a Firewall.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

nagaprasad123
Level 1
Level 1
In response to Julio Carvajal

‎03-06-2014 10:16 AM

Hi Julio Carvajal Segura

  Thanks for you response.

But my questions is

1. Can cisco routers will support statefull inspection if so how ?

2. I was attended an interview, in the managar round he asked me what is the main  difference between Firewall and router/l3 switch ?

3. in place of firewall we can use router also then why again we need a firewall ?

Please answer the above

Thanks

NagaPrasad

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to nagaprasad123

‎03-06-2014 10:32 AM

Hello,

1. Can cisco routers will support statefull inspection if so how ?

I already answered this

Note that Cisco Routers support CBAC and ZBFW which basically turn on a Firewall Feature which means Stateful Inspection.


2. I was attended an interview, in the managar round he asked me what is the main  difference between Firewall and router/l3 switch ?

I already did it as well

Well by default the L3 router/Switch will not have such a stateful table as the ASA firewall for example so if you have ACLs on a pair of interfaces traffic flowing through the box that matches an existing session will go trough without any user configuration intervention.

On a regular L3 device you must explicitly allow the traffic if being filtered somewhere.

3. in place of firewall we can use router also then why again we need a firewall ?

Not all routers support Firewall features and performance or features will not be as good as with a dedicated FW.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card