Comparison report Betw PIX and ASA

Unanswered Question
zulqurnain Sun, 04/22/2007 - 21:40


short answer would be:

A Cisco PIX is a dedicated hardware firewall appliance. All Cisco PIX versions have model numbers in the 500s. The most popular model for home offices and small networks is the PIX 501; many midsize companies use the PIX 515 as a corporate firewall.

PIX firewalls run the PIX operating system. While the PIX OS is quite similar to the Cisco IOS, there are enough differences to cause some frustration for users more familiar with IOS.

The firewall sports the PIX Device Manager (PDM) for a graphical interface. This GUI is a Java application downloaded through a Web browser.

Typically, a PIX firewall has an outside interface that connects to the inside of an Internet router and goes to the public Internet. It also has an inside interface that connects to a LAN switch, going to the private internal network.

A Cisco ASA is a new firewall and anti-malware security appliance from Cisco Systems. (Don't confuse this product with what a PIX uses for stateful packet filtering?the adaptive security algorithm, or ASA.)

ASA models are all in the 5500 series. The Enterprise Editions include four versions: Firewall, IPS, Anti-X, and VPN. There's also a Business Edition for small to midsize companies.

In total, there are five models of the Cisco ASA. All run the ASA version 7.2.2 software, and the interface is much like the Cisco PIX. Both the Cisco PIX and ASA models vary in performance, but the ASA's lowest model offers much more performance than the base PIX.

Like the PIX, the ASA can also serve as an intrusion prevention system (IPS) and VPN concentrator. In fact, the ASA could take the place of three separate devices?a Cisco PIX firewall, a Cisco VPN 3000 Series Concentrator, and a Cisco IPS 4000 Series Sensor.


cratejockey Wed, 05/02/2007 - 11:09

I have to disagree with HTH to a point or two. PIX and ASA are both firewalls. Both units run PIX IOS. PIX 501, 506, 506E and 515 will only run PIX IOS 6.x. PIX 515E and 525 will run at least some of the PIX IOS 7.x revisions and utilize the new ASDM java gui for management where pix 6.x IOS versions only use PDM (not a great product) and CLI. If you are going to purchase a firewall for your company you need to be looking at the ASA. This link will give you the details of the ASA appliances compared to each other:

If you are truly unfamiliar with Cisco Firewalls I would encourage you to contact your Cisco Sales rep or a VAR.

Good luck.


This Discussion