Actually, I would be extremely surprised if Cisco discontinued PIX.
PIX has several advantages over a router used as a firewall.
Routers by default let all packets through, PIX default lets nothing
through.
PIX has an encryption card that can be added for both site to site and
client to site encryption stuff.
PIX's OS is designed to severely limit stupidity. It doesn't speak ospf,
bgp, etc. It does not actively partipate in RIP, although it can listen.
You can't telnet to it from outside the firewall. You can't telnet from
inside until you specify who can and who can't (by IP address). You can't
telnet from it (I thought that was interesting.).
PIX has some application level stuff, see the 'fixup protocol smtp' command.
The routers AFAIK do not.
etc.
Essentially, it's a dedicated box to do one job: protection. Thus, while
many of its features exist in IOS and IOS w/firewall, those boxes can't
provide the same performance. The best I've seen runs some packet filters
at the outside router, a 3-legged PIX, and an inside router to hugely
simplify PIX's routing job (it becomes : do I send it out, to the DMZ, or
inside to the one inside router, as opposed to which inside router do I send
it to. )
IMHO
=========================
Paul H. Gracy
[EMAIL PROTECTED]
phone: 404 705 2873
#include <std.disclaimer>
=========================
> -----Original Message-----
> From: Bill Coutinho [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, March 02, 1999 10:51 AM
> To: Bennett Todd
> Cc: [EMAIL PROTECTED]
> Subject: Re: Cisco Firewall feature set vs Firewall-1
>
> Bennett Todd wrote:
> >
> > Super! That's really wonderful news.
> >
> > So, what's the big differentiation between a Cisco router with Firewall
> > Feature Set and a Cisco PIX?
>
> I have never worked with PIX, so I really don't know. IOS does have
> inspection, NAT, VPN, lock-and-key (access-lists activated by user
> authentication), etc. But it is kind of hard to setup... Maybe PIX is a
> little easier. I recollect hearing about a "cryptography board" for the
> PIX platform, which could be one of the differences, as IOS does crypto
> by software.
>
> But I suspect Cisco plans IOS being its sole platform, and I would not
> be suprised it discontinuing PIX.
> --
> Cheers,
> Bill.
> _____
> Bill Coutinho Dextra Solu��es em Inform�tica
> [EMAIL PROTECTED] http://www.dextra.com.br/
> voice: +55 19 251-3644 Campinas, SP, Brasil
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
