[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Cisco PIX firewalls

Posted on 2006-03-21
Medium Priority
Last Modified: 2013-11-16
Heya Guys,
       I like to think im slowy becomeing a Cisco Router buff but I know little about the PIX firewall. I would like to know when a PIX firewall would be used? over say a Cisco Router running an IOS CBAC firewall, can it completely replace the function of a router? Also, can you impliment a DMZ on a router or would you need to use a PIX device? thanks ! :-)
Question by:mattacuk

Accepted Solution

neoponder earned 250 total points
ID: 16250219
PIX: Full firewall
Router: has some SPI capabilities.

More and more the IOS feature set of Cisco is adding the features of a pix, so it's getting harder to tell the diference.

If you have a Cisco router with multiple interfaces you could actually set up a DMZ.  

The PIX Software is kinda like the Cisco IOS that time forgot.  The command that you use, like write mem, are the same commmands that you used pre 11.2 IOS.  I have heard the reason that the do not innovate with simple commands is they feel the code is very secure and they do not like to make changes if not needed. (who knows if that's true.)

The Pix also has Fixup commands, which allow it to do extended analazyis of certin protocals, that  the router IOS would not be able to do.

In short, a router is not as secure as a PIX, because a PIX is built for security.  On the other hand, the throughput of a router is much better than a pix, because it is built for speed first.  They both overlap however.


Author Comment

ID: 16250518
I am glad the blur between the two is not just me! :-) My Cisco 857 router has 1 wan adsl o/pots interface and 1vlan with 4 ethernet switch ports. Is it possible to have a DMZ  on this? or  do you need a router with a built i DMZ functionality? also, can you add additional vlans or are you stuck with what your get out the box?


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question