Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2738
  • Last Modified:

PIX vs. Cisco Routers ACL


Today IOS's ACLs and CBAC give us stateful inspection of packets, and I start wondering why invest
money in PIX if today cisco's routers can also function as firewalls ?
1 Solution
The difference is that a PIX was designed ground-up to be a firewall and uses an Adaptive Security Algorithm as well as layer 4 inspection "fixup".
IOS with CBAC/firewall "features" is a souped up router with added features such as stateful inspection (layer 3 only). For a small spot implementation, this might be adequate, but for an application where security is paramount, a 'defense in depth' strategy calls for both the screening access router (not necessarly with CBAC/FW feature set, but perhaps the IDS features), and a firewall.
Not to mention that it's a lot easier to configure a PIX properly than CBAC.

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now