If you use a router with the FFS and use CBAC, you can build yourself a
pretty decent firewall. The router though has far less throughput than a
PIX and will only be good for under 100 users. The PIX can handle
thousands of users.
The way to think about them is in the design philosophy. The PIX starts
life completely locked down and 100% secure. You need to open holes in it
to allow traffic to flow. On the other hand, a router begins life just the
opposite by being completely open and you need to lock it down to secure it,
which is no simple feat for the inexperienced.
I will warn you though both are not cheap. A new PIX will set you back
$10000.00 -14000.00. The FFS on top of a decent 3620 will cost you $5000
but you can buy a used PIX 520 for that kind of cash.
Another thing, think about scaleability. If you go for the FFS now and
spend 5K, how long will it be before you outgrow it and have to spring for
the PIX anyway. Buy the PIX, set it up then forget about things for a
while...
----- Original Message -----
From: Dove <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Monday, March 19, 2001 7:46 PM
Subject: Different between routers using access-list and routers with FW
feature set
> Hi,
>
> Can anyone tell me in security point of view, what is the different
between
> router using access-list and routers with FW feature set? For example, if
my
> network need to connect to an external company, is Cisco routers using
> access-list can provide enough security? What is the benefit if I use a
> router with FW feature set? What about if I use PIX?
>
> Thanks.
> dovelet
>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
