FW: PIX vs. router with access lists

From: Scott Morris (smorris@xxxxxxxx)
Date: Tue Apr 18 2000 - 21:14:11 GMT-3


   
   You're thinking of it a little off-kilter if you're looking at it in
   this fashion... A router is designed to move packets from point A to
   point B, and figure out how to get there. That's its primary
   purpose.
   
   A PIX (or any good firewall) is designed to inspect packets at a high
   rate of speed, and implement security policies as packets travel
   through it. And do network translation.
   
   Yes you can use a router to inspect packets. Yes you can use a
   firewall to route packets on a basic level.
   
   Being that they're both designed for different things, it's BEST to
   let each do what it was designed for. You'll find your network
   performance much better at that point.
   
   There are IOS feature sets that implement just about every feature of
   the PIX on a router level, but if you have high speed links, you need
   to ask yourself if you're using the correct hardware in the correct
   place. If, on the other hand, you have a big, fancy router with a
   good amount of memory serving one network and a 128k link to the
   internet, use your router, it's less expensive!
   
   Scott Morris, MCSE, CNE(3.x), CCDP (R&S), CCIE (R&S) #4713, Security
   Specialization, CCNA - WAN Switching
   smorris@ccci.com
   ----------------------------------------------------------------------
   Chesapeake Network Solutions http://www.ccci.com
   Cell Phone: 941-350-8590 e-mail:smorris@ccci.com
   Pager: 800-490-1326 Fax: 606-225-8403
   
   -----Original Message-----
   From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
   John Conzone
   Sent: Tuesday, April 18, 2000 6:45 PM
   To: ccielab
   Subject: PIX vs. router with access lists
   
   Hi all. I've configured a few PIX boxes with basic configs, inside
   outside, etc. Not a PIX or security expert.
   
   My question is what can a PIX do that a router with access lists
   can't? To be honest, the PIX seems like a cryptic way to do what can
   be done easier on a router with access lists, at least to me.
   
   I'm sure there is a good answer, so you PIX guys out there tell
   me what it can do that a router can't!
   
   



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:14 GMT-3