Cisco 2821 IOS Security versus Cisco 515e PIX
Posted on 2006-06-07
I have a general, product-specific question in that I was going to replace a Cisco 1700 router and Cisco 515E Firewall with a Cisco 2821 router/firewall. The consultants who are still at the CIO's call are telling me that the security on the 2821 is not sufficient. Yet when I talk to most other technicians, they tell me that the security and the replacement for one device is more than enough. I understand the concept of let a router just route and get a firewall, but that is getting a little old - I need the expandability of the 2821 but I don't want the bottleneck of the Cisco 515e.
Can the 2821 provide the same level of security as the PIX firewall?
Do I still need a firewall appliance to be totally secure?
Why would Cisco or any vendor promote the router/firewall approach if it did not work?
Is the IOS security software a scaled-down version of a PIX firewall?
Thanks for the insight - I am looking for an increase in performance and expandability (binding T1) and want to replace the 1700 router. If I left the PIX firewall in place, I effectively negate the 2821 gigabit link; yes I know about the T1 speed and that I won't reach gig speed given the outbound link, but that is in a perfect world and the requests are not buffered.
I would like to have one appliance, 2821 acting as both and it makes things very easy - I could just keep buying 1700 & PIX firewalls if that were the case.