Good answer. Another way to look at it is historically. Cisco bought the
company that produced the PIX. Their goal was to offer a scalable and
high-performance enterprise-level firewall.
The Firewall Feature Set comes from the Small-to-Medium Business line of
business at Cisco. Their goal was to offer an easy-to-use,
reasonably-priced set of options for a router in a small to medium
business. The FFS makes setting up access lists easier and it allows for
the access lists to look farther into the packets for upper-layer
information, hence, the Context-Based Access Control or CBAC that
Groupstudy mentioned.
Priscilla
At 10:32 PM 3/19/01, Groupstudy wrote:
>If you use a router with the FFS and use CBAC, you can build yourself a
>pretty decent firewall. The router though has far less throughput than a
>PIX and will only be good for under 100 users. The PIX can handle
>thousands of users.
>
>The way to think about them is in the design philosophy. The PIX starts
>life completely locked down and 100% secure. You need to open holes in it
>to allow traffic to flow. On the other hand, a router begins life just the
>opposite by being completely open and you need to lock it down to secure it,
>which is no simple feat for the inexperienced.
>
>I will warn you though both are not cheap. A new PIX will set you back
>$10000.00 -14000.00. The FFS on top of a decent 3620 will cost you $5000
>but you can buy a used PIX 520 for that kind of cash.
>
>Another thing, think about scaleability. If you go for the FFS now and
>spend 5K, how long will it be before you outgrow it and have to spring for
>the PIX anyway. Buy the PIX, set it up then forget about things for a
>while...
>
>----- Original Message -----
>From: Dove <[EMAIL PROTECTED]>
>Newsgroups: groupstudy.cisco
>To: <[EMAIL PROTECTED]>
>Sent: Monday, March 19, 2001 7:46 PM
>Subject: Different between routers using access-list and routers with FW
>feature set
>
>
> > Hi,
> >
> > Can anyone tell me in security point of view, what is the different
>between
> > router using access-list and routers with FW feature set? For example, if
>my
> > network need to connect to an external company, is Cisco routers using
> > access-list can provide enough security? What is the benefit if I use a
> > router with FW feature set? What about if I use PIX?
> >
> > Thanks.
> > dovelet
> >
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>_________________________________
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
________________________
Priscilla Oppenheimer
http://www.priscilla.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
