Take the IOS firewall feature set. The PIX interface is annoying. It is NOT IOS. Among the annoyances, you cannot telnet from the PIX to another device. Thus if you have a PIX buried in the enterprise behind multiple routers, and a route gets screwed beyond it, you cannot reach the remote router by hopscotching. The PIX also doesn't speak many routing protocols. Cisco is also slow as a slug to release new PIX images. Most PIXen out there are the 506 and 506Es, and Cisco has turned its back on them because PIX OS 7 requires a RAM update. I took delivery of 2 new 506Es 4 months ago and they came out of the box still with inadequate RAM, and a 2-year-old PIX OS on them.
I have also seen multiple PIX hardware failures on the original non-E models. The PIX boxes get temp sensitive and lock up; power cycling gets them going again. This will continue repeating itself for months. Or the power supplies fry. And Cisco no longer sells the power supplies for the original non 506 models. So far, knock on wood, the E models we have seen deployed haven't done this. They also run hot as Hades. You can almost fry an egg on one of them that has been on for a while.
Keep in mind the PIX was a product Cisco bought from someone else; they didn't design it. Cisco has said for years that customers shouldn't buy them. The usual line is "we are in process of taking the technology from the PIX and using it in our other products", which is big marketing bullcrap intended to reinforce the bogus image of superiority that the original dyed-in-the-wool PIX owners had of their devices. IOS is actually more advanced, and PIX didn't have dynamic VPN support when Cisco bought the product. Over the years more technology has flowed from Cisco into the PIX than they ever got out of it. The PIX purchase was a buy-market-share purchase, not a technology purchase. Totally opposite from, for example, the Combinet purchase, where Combinet had far better ISDN technology than Cisco. The PIX originally was a hacked-up PC motherboard based product, and the original versions (pre-Cisco) ran on a hacked-up DOS/Windows OS.
The PIX is popular IMHO because it's cheaper than IOS Firewall Feature set + a decent Cisco router, and it has the moniker Cisco on it. Logic would tell Cisco to kill the product, but they are afraid of doing that because they are afraid of losing customers. Frankly, the Linksys RV042 works just as well as a PIX for most applications you would use a PIX in and is a hell of a lot cheaper. Plus it has Cisco on the box. Unfortunately, the RV042 doesn't get the attention it should because so much of the Linksys product line has been total garbage.
Ted

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Dan
> Sent: Saturday, May 26, 2007 9:02 PM
> To: [email protected]
> Subject: [c-nsp] firewall ios
>
>
> Hello,
>
> I was wondering if there is any difference between a pix firewall and
> the firewall ios. I have a 2801 router that I would like to buy the
> firewall ios for instead of putting in a pix firewall. Does the
> firewall ios have all of the features of the pix box? I'm currently
> using the router for nbar inspection, route-mapping and natting a few
> internet connections. Will this all still work on the firewall ios?
>
> Thanks,
> Dan.
>
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
