I'm not a sales rep but I'm working for Cisco and perhaps
can help you.
Major differences:
- default state: per default a router let the traffic go through while
the PIX is closed. Hence the PIX is slightly more secure
- multicast: the PIX cannot handle multicast
- authorization: IOS-fw can handle authentication and authorization
only via HTTP while PIX can do HTTP, FTP, Telnet
- failover support (with stateful) only for PIX, IOS-fw can use
HSRP for stateless fail-over
- no URL filtering on IOS-fw
- PIX has received a TTAP certification
Minor differences:
- NAT support is always being extended on both platform but they are
not sync'ed
- PAT is also slightly different (IOS fw can re-use the IP address
of the router)
- PIX can use TCP for logging and can be blocked when the log server
is down (for security)
Else, they are very similar: same architecture (inspection at multiple layers),
SNMP/syslog support, IPSec support, Radius, Tacacs+, TFTP upgrades, ...
Hope this helps
-eric
At 10:00 03/09/1999 -0300, Fabio Rocha wrote:
>Fellow networkers,
>
>Does anybody can tell me the differences - concerning features, robustness,
>reliability, availability, performance, etc - between a cisco PIX firewall
>and the IOS firewall feature set? Can I do NAT/PAT with the IOS as I would
>with PIX?
>
>Anybody with experience on these products would like to comment?
>
>Any Cisco sales rep on the list to make this point clear?
>
>TIA,
>F�bio Rocha.
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
Eric Vyncke
Consulting Engineer Cisco Systems EMEA
Phone: +32-2-778.4677 Fax: +32-2-778.4300
E-mail: [EMAIL PROTECTED] Mobile: +32-75-312.458
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
