Cisco PIX firewalls

Posted on 2006-03-21
Last Modified: 2013-11-16
Heya Guys,
       I like to think im slowy becomeing a Cisco Router buff but I know little about the PIX firewall. I would like to know when a PIX firewall would be used? over say a Cisco Router running an IOS CBAC firewall, can it completely replace the function of a router? Also, can you impliment a DMZ on a router or would you need to use a PIX device? thanks ! :-)
Question by:mattacuk
    LVL 4

    Accepted Solution

    PIX: Full firewall
    Router: has some SPI capabilities.

    More and more the IOS feature set of Cisco is adding the features of a pix, so it's getting harder to tell the diference.

    If you have a Cisco router with multiple interfaces you could actually set up a DMZ.  

    The PIX Software is kinda like the Cisco IOS that time forgot.  The command that you use, like write mem, are the same commmands that you used pre 11.2 IOS.  I have heard the reason that the do not innovate with simple commands is they feel the code is very secure and they do not like to make changes if not needed. (who knows if that's true.)

    The Pix also has Fixup commands, which allow it to do extended analazyis of certin protocals, that  the router IOS would not be able to do.

    In short, a router is not as secure as a PIX, because a PIX is built for security.  On the other hand, the throughput of a router is much better than a pix, because it is built for speed first.  They both overlap however.

    LVL 2

    Author Comment

    I am glad the blur between the two is not just me! :-) My Cisco 857 router has 1 wan adsl o/pots interface and 1vlan with 4 ethernet switch ports. Is it possible to have a DMZ  on this? or  do you need a router with a built i DMZ functionality? also, can you add additional vlans or are you stuck with what your get out the box?


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now