Performance NPE-G2 vs PIX535 (is firewalling really faster than Routing?)

Unanswered Question
Jan 21st, 2008
User Badges:


I am currently routing two fast-ethernet networks through a 7206VXR, but I wish to migrate them to isolated DMZ's sitting behind two seperate interface on a PIX 535.

according to Product Sheet Router Perfrmance: it achieves 1 Gb throughput

7206 -NPE-G2 (1 Gig of throughput using CEF).

And according to the PIX Data Sheet, it achieves 1.7Gb

PIX 535 (1.7 Gig throughput /clear text)

So, this implies the PIX can route between networks (directly attached) nearly double as fast as a NPE-G2.

These seems odd to me, as the NPE-G2 is very NEW (using ASICs and cutting edge technology) and the PIX 535 is very OLD indeed (without dedicated switching ASICs)

Is this right ?

I understand they are completely different pieces of kit, one's a router and one's a firewall .... but in essence a PIX that routes traffic between interfaces, is a crude "router". (forget statefull inspection and firewalling for a sec).

Any help or views would really be appreciated.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jbayuka Fri, 01/25/2008 - 10:06
User Badges:
  • Bronze, 100 points or more

You can go for PIX 535 since it provides the security for the both the LAN because it blocks the communication from the outside network to inside network.


This Discussion