Why do I need a PIX when I have a Cisco router??

nice343 Member Posts: 391
I can put access lists on my routers to deny traffic that I don't want
I can configure NAT on my router
I can install a wireless module in my router
I can set up an IPsec VPN on my Cisco router with Cisco VPN client authentication
I can deploy any routing protocol that I want on my Cisco router!

So my question is why do I need a PIX? I want to start playing with a PIX but I want to find good reasons why I need it.
My daily blog about IT and tech stuff
http://techintuition.com/

Comments

  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    If you're running the IOS firewall they will have lots in common between the features, but a PIX with a current operating system will have benefits in the way it handles traffic inbound and outbound and in the way it prevents unwanted inbound traffic, down to tracking the sequence numbers in a TCP connection (which a static access list can't do). Also, depending on the router model, the PIX may provide far more performance than the router, which may not be needed if you have something like a T-1.
    The only easy day was yesterday!
  • nice343 Member Posts: 391
    My router is a 3745 with an advanced security IOS 12.4.
    My daily blog about IT and tech stuff
    http://techintuition.com/
  • Ahriakin Member Posts: 1,799 ■■■■■■■■□□
    Stateful firewalling reduces administration, reduces risk through incorrect configuration and increases efficiency (once a stateful connection is made it is no longer processed by the ACLs, which depending on your environment and amount of ACEs can be a major performance saver). Also, more sophisticated protocols that open new ports dynamically from the target need application layer inspection tied into the stateful functions or dynamic ACEs to keep working; static ACLs can't hack it, and even if your IOS has some inspection capabilities they will not be as efficient as those of a dedicated firewall.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
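
Added example, not part of any post in this thread: a small Python model of the difference dtlokee and Ahriakin describe, comparing a stateless "established"-style ACL check with a connection table that also checks TCP sequence numbers. The packet values, class and function names and the 65535-byte window are constructed for illustration and do not reproduce PIX or IOS internals.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str              # TCP flags: "S", "SA", "A", "R"
    seq: int = 0
    ack: int = 0
    inbound: bool = False   # True = arrives on the outside interface

def static_acl_permits(p):
    # Stateless "established"-style rule: inbound TCP passes if ACK or RST is set.
    return (not p.inbound) or "A" in p.flags or "R" in p.flags

class StatefulFilter:
    WINDOW = 65535  # assumed receive window used for the sequence check
    def __init__(self):
        self.conns = {}  # (inside ip, port, outside ip, port) -> connection state

    def permits(self, p):
        if not p.inbound:
            if p.flags == "S":  # inside host opens a connection: create state
                self.conns[(p.src, p.sport, p.dst, p.dport)] = {
                    "expect_ack": p.seq + 1, "server_next": None}
            return True  # outbound traffic is trusted in this simplified model
        conn = self.conns.get((p.dst, p.dport, p.src, p.sport))
        if conn is None:
            return False  # no inside host asked for this traffic
        if conn["server_next"] is None:  # still waiting for the SYN-ACK
            ok = p.flags == "SA" and p.ack == conn["expect_ack"]
            if ok:
                conn["server_next"] = p.seq + 1
            return ok
        return 0 <= (p.seq - conn["server_next"]) % 2**32 < self.WINDOW  # in window?

def demo():
    fw = StatefulFilter()
    inside, web, other = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    packets = {  # constructed sample packets, evaluated in this order
        "syn_out":   Pkt(inside, 40000, web, 80, "S", seq=1000),
        "synack_in": Pkt(web, 80, inside, 40000, "SA", seq=5000, ack=1001, inbound=True),
        "data_in":   Pkt(web, 80, inside, 40000, "A", seq=5001, ack=1001, inbound=True),
        "stray_ack": Pkt(other, 80, inside, 40000, "A", seq=1, ack=1, inbound=True),
        "bad_seq":   Pkt(web, 80, inside, 40000, "A", seq=900000, ack=1001, inbound=True),
    }
    return {name: (static_acl_permits(p), fw.permits(p)) for name, p in packets.items()}
```

`demo()` returns a (static ACL, stateful) verdict per packet; the static rule passes all five, while the stateful filter rejects the ACK with no matching connection and the segment whose sequence number is outside the window.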
  • Mishra Member Posts: 2,468 ■■■■□□□□□□
    Doesn't a PIX have built-in intrusion blocking techniques, like you can't DoS a PIX and other things like that?

    Also, you could think of the firewall as the first hop and the security device. After things get filtered through the PIX, THEN they hit your router, which has the gateway to your internal network. This prevents unwanted intrusive traffic from hitting the router, which is more sensitive than the PIX from a security standpoint.
    My blog http://www.calegp.com

    You may learn something!
  • Pash Member Posts: 1,600 ■■■■■□□□□□
    Overhead is a massive factor also; let the PIX deal with the security algorithms and let the routers deal with... routing.
    DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.