
Personal FW vs. PIX

jess.danielsen
Level 1

I've a very provoking question which I've met when installing a PIX-501 at a customer site that I'd like some comments on. What vendors of personal firewalls claim is that a PIX is less secure than their firewall since a PIX is not application aware. Now for a customer the price for a personal firewall is nowhere near a PIX-501, so why not use a personal firewall on all computers (approx. 4-10 users) connected to the internet?

4 Replies

allissr
Level 1

I think this question is one of versatility against manageability. Using the personal firewall on individual computers may well allow more versatile filtering options, but this will require more maintenance than using one PIX-501. Also, how much can you rely on individuals not to tamper with their individual settings and thereby create a security risk?

xiaoj
Level 1

The PIX firewall provides stateful filtering; it works on the application, transport, and network layers. Why do you think PIX is not application aware?

This claim is not one of mine... this is actually one that is found on the vendor's homepage here in Denmark as an FAQ answer. I just wanted to make others aware of the fact that customers meet this claim when they decide on their firewall product.

Manageability is definitely one that is important, but so is mobility, so do we all carry a hardware FW together with our laptop? I know that this is slightly different from my starting point, but anyway, do we?

eenest
Level 1

The main point in this discussion is the management.

With PIX you'll have the single point of management, with personal firewalls - big headache.

Try to enforce any consistent security policy on more than one desktop and you'll have a lot of fun.

Not to mention that it's very common for end-users to tweak their systems without thinking first.

Speaking about application awareness - your opponent has no idea what he/she is talking about.

Stateful firewalls _have_ to be application aware, otherwise they will be unable to work at all.

That's true for all products from all vendors that claim that capability.

The difference is _how_ that is implemented, how many application-specific protocols each vendor's platform can support, etc.

BTW - one of the biggest advantages of PIX is that it can support multimedia applications with very simple configuration.

Try this with CheckPoint (as an example) and you'll see the difference.

Regards,

Eugene
