Re: IOS Firewall Feature set vs PIX

2000-09-06 Thread Jeremy Wadhams 

I tend to use the Firewall feature set in places where I need serious router
functionality in addition to basic firewalling.  Keep in mind that a PIX can't
do WAN modules, can't do BGP, and does not speak the same IOS we all know and
love.

Of course, in case cost does factor into your design, the IOS upgrade on a
7200VXR, costs the same as a PIX515 bundle.

Jeremy Wadhams
CCNA CCDA CCSE

Oscar Rau wrote:

> This is a bit confusing when it comes to Cisco security products.
> What is the advantage of buying a PIX when I have a Cisco IOS with the
> Firewall feature set?
>
> It looks like it is doing a lot of packet inspection too. Does IOS Firewall
> feature set support stateful information? Please let me know any major
> advantages of using PIX over IOS Firewall feature set.
>
> Thank you in advance.
> --
>
> Oscar Rau
> [EMAIL PROTECTED]
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IOS Firewall Feature set vs PIX

2000-09-02 Thread Kevin Wigle 

Oscar,

Generally, the PIX is a dedicated appliance that does one thing - firewall.
Therefore it is optimized to do that one job and do it well.  Large
corporations/businesses could have hundreds (thousands) of users going
through the firewall to the internet - PIX (the right size of course) will
handle this type of traffic load without much effort.

The IOS Firewall Feature Set - which is now called "Cisco Secure Integrated
Software" (CSIS), is working along with the normal duties that the router is
doing.  Therefore you may have to add more memory and things may slow down a
bit (or really slow down) the more users you have going through it.

However, CSIS also has some Integrated intrusion detection system (IDS)
capabilities built in - but again you're adding more overhead to the router.

So, size does matter.  Small offices could probably use CSIS without much
problem.  Larger organizations should look at the PIX.

For CSIS look at http://www.cisco.com/go/csis
For PIX look at http://www.cisco.com/go/pix

Kevin Wigle
CCDP/CCNP/MCSE/CBE.

- Original Message -
From: "Oscar Rau" <[EMAIL PROTECTED]>
To: "Cisco GroupStudy" <[EMAIL PROTECTED]>
Sent: Saturday, 02 September, 2000 08:04
Subject: IOS Firewall Feature set vs PIX


>
> This is a bit confusing when it comes to Cisco security products.
> What is the advantage of buying a PIX when I have a Cisco IOS with the
> Firewall feature set?
>
> It looks like it is doing a lot of packet inspection too. Does IOS
Firewall
> feature set support stateful information? Please let me know any major
> advantages of using PIX over IOS Firewall feature set.
>
> Thank you in advance.
> --
>
> Oscar Rau
> [EMAIL PROTECTED]
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IOS Firewall Feature set vs PIX

2000-09-02 Thread Oscar Rau 


This is a bit confusing when it comes to Cisco security products.
What is the advantage of buying a PIX when I have a Cisco IOS with the
Firewall feature set?

It looks like it is doing a lot of packet inspection too. Does IOS Firewall
feature set support stateful information? Please let me know any major
advantages of using PIX over IOS Firewall feature set.

Thank you in advance.
-- 

Oscar Rau
[EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]