Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Cisco PIX or Cisco Firewall Software

Posted on 2003-03-28
Medium Priority
Last Modified: 2010-04-12
We are about to put a firewall into out network to replace an existing one.  We have a Cisco 2620 and are trying to decide whether to upgrade the 2620 with memory and the bios and put the Cisco Firewall package onto it or get a PIX 506.  

Does anyone have any suggestions for either?  Downsides/upsides?
Question by:atwist
  • 2
LVL 79

Accepted Solution

lrmoore earned 200 total points
ID: 8229452
Personal preference, but the PIX was built ground up as a firewall, and does it very well. 2620 was designed as a router, and does it very well. Putting the firewall feature set on top of the router still does not get you the full capabilities of the PIX appliance.
How many users do you have? If more than 50, I would seriously consider the 515E Restricted.

Expert Comment

ID: 8232175
Here is  my  2cents worth.

Let the router do routing, and the firewall do firewalling and vpn stuff.

The pix 506 only has 10mb interfaces, and your 2620 will have 100mb interfaces.  Have you considered a  515, they
also more scalabe and can have hardware vpn acceleration cards installed, also you could go bigger and implement a dmz.

The 506 is a really good remote point builder but for your
central hub, it is limited.

I would recommend a 515 or a 535 if you have the budget, but if you can only afford the 506 it is better than nothing.


Author Comment

ID: 8234452
We have right at 50 users on our network at the moment.
LVL 79

Expert Comment

ID: 8234485
If your budget will permit, go with the 515. It is expandable to add a DMZ interface, is much more powerful than the 506, and you can add a failover firewall in the future if you need it. The 506 is a set configuration. You can take advantage of the VPN capabilities of the PIX also to set it up as a VPN termination for IPSEC and/or PPTP VPN connections.
Suggestion. To provide a more complete security package, be sure to enable logging to a syslog server for both the screening router, and the firewall.
Free syslog server: http://www.kiwisyslog.com

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question