PIX firewall vs. IOS firewall...advantages?

I've been looking at the spec sheets, but I'm still not sure about the advantages of the PIX Firewall series versus the IOS firewall in, say, a 2800.

Would it offer any advantage for use in, say, a typical 100Mbps max 'edge-protection' application or for within a small network?

Thanks.

--Douglas

1 Reply

Patrick Iseli
Level 7

IOS Firewall Router versus PIX Firewall appliance

Features:

- PIX and IOS FW (Router) are both stateful firewalls, so there is no difference.

- IOS Firewall supports a full range of interfaces which the PIX does not, e.g. ADSL, Serial... PIX supports Ethernet 10/100/1000.

- IOS Firewall has more Routing protocol support.

- IOS FW supports QoS, which is currently not available for the PIX. It will come in version 7.0.

- The IOS Firewall is more an edge firewall to the Internet; see the design fundamentals in the SAFE Blueprint.

http://www.cisco.com/go/safe

- Both have minimal IDS functionality, have spoofing prevention, and help against SYN floods...

I think there are a lot of different opinions around about this topic.

From a security perspective there is no big difference if both are configured correctly.

Definition in SAFE Blueprint is:

At many points in the network design process, an enterprise will need to choose between a network device with integrated functions and a specialized functional appliance. Integrated functioning is attractive because you can implement it on existing equipment, the features can interoperate with the rest of the device to provide a better functional solution, or the features can be deployed incrementally to facilitate increased bandwidth requirements. Appliances are often used when the depth of capability required is advanced or when performance needs require using specialized hardware (see Appendix D for information regarding integrated security blades for Layer 3 switches versus appliances). Decisions should be based on the capacity and capability of the appliance, not the integration advantage of the device. For example, sometimes you can choose an integrated higher-capacity router operating Cisco IOS® Software with the firewall feature, as opposed to a smaller Cisco IOS Software-based router with a separate firewall device. Throughout this architecture, both types of systems are used. Historically, most critical security functions have migrated toward dedicated appliances because of the performance requirements of large enterprise networks. Recently, however, integrated equipment has become much more attractive because of performance and capability enhancements. A security specialist now has more viable options when choosing between security appliances and integrated devices.

Sincerely

Patrick
