atwist

Cisco PIX or Cisco Firewall Software

We are about to put a firewall into our network to replace an existing one. We have a Cisco 2620 and are trying to decide whether to upgrade the 2620 with memory and the bios and put the Cisco Firewall package onto it or get a PIX 506.

Does anyone have any suggestions for either?  Downsides/upsides?
ASKER CERTIFIED SOLUTION
Les Moore

yenoham

Here is my 2 cents worth.

Let the router do routing, and the firewall do firewalling and vpn stuff.

The PIX 506 only has 10Mb interfaces, and your 2620 will have 100Mb interfaces. Have you considered a 515? They are also more scalable and can have hardware VPN acceleration cards installed; also, you could go bigger and implement a DMZ.

The 506 is a really good remote point builder, but for your central hub it is limited.



I would recommend a 515 or a 535 if you have the budget, but if you can only afford the 506 it is better than nothing.

ASKER

We have right at 50 users on our network at the moment.

If your budget will permit, go with the 515. It is expandable to add a DMZ interface, is much more powerful than the 506, and you can add a failover firewall in the future if you need it. The 506 is a set configuration. You can take advantage of the VPN capabilities of the PIX also to set it up as a VPN termination for IPSEC and/or PPTP VPN connections.

Suggestion. To provide a more complete security package, be sure to enable logging to a syslog server for both the screening router and the firewall.
Free syslog server: http://www.kiwisyslog.com