From: Church, Chuck (cchurch@wamnetgov.com)
Date: Tue Mar 16 2004 - 10:47:01 GMT-3
Performance is a major difference, as the NATing doesn't seem to bother even low end PIXes, but can choke a midrange router. PIXes also support decent VPN throughput, compared to software only routers. Beyond the performance, the PIX is more secure out of the box, not allowing really any traffic from the outside unless you specifically allow it. Also, it'll never allow telnet access to it from the outside. You need to establish a VPN tunnel first or use SSH. The PIX supports downloadable ACLs from an ACS server, but I don't think any IOS version will. From a security standpoint, I think the PIX wins due to its simplicity. IOS needs to handle a ton of L2 and L3 protocols, so you see bugs and revisions come out on a semi-weekly basis. PIX versions have so few bugs in comparison, you'll see PIX software revisions come out maybe only twice a year. On the other hand, a router can do much more, like NBAR, rate limiting, policy routing, netflow, a multitude of QOS and queueing functions, etc. There are obviously other differences, but that's a rough list.
Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Wam!Net Government Services - Design & Implementation Team
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnetgov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com
> -----Original Message-----
> From: Ken.Farrington@barclayscapital.com
> [mailto:Ken.Farrington@barclayscapital.com]
> Sent: Tuesday, March 16, 2004 3:31 AM
> To: xuefei@bgctv.com.cn; ccielab@groupstudy.com
> Subject: RE: PIX vs.IOS firewall
>
>
> This is a very good question, and one I asked myself just yesterday.
>
> The one main point I found out is that the PIX is like a
> hardened build
> linux box. If anyone can comment further, that would be great!
>
> thx
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Xue
> Fei
> Sent: 15 March 2004 18:44
> To: ccielab@groupstudy.com
> Subject: PIX vs.IOS firewall
>
>
> Hi group,
>
> I'm learning the PIX and wondering what's main difference
> between PIX and
> IOS firewall besides their performance. Thanks!
>
> Xue Fei
> xuefei@bgctv.com.cn
> 2004-03-15
>
> ______________________________________________________________
> _________
> Please help support GroupStudy by purchasing your study
> materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:31 GMT-3