Competitive advantage of PIX/ASA vs. IOS firewall feature set
Besides the ability for the ASA/PIX to provide stateful inspection in hardware; therefore, the ability to service more connections that a router running IOS firewall feature set......Is there any security advantage? "More hardened technology", or something?
Re: Competitive advantage of PIX/ASA vs. IOS firewall feature se
Obviously you will get better throughput and VPN handiling with the ASA counterpart.
The IOS has a good security feature set , however the ASA/PIX is marketed as a firewall for a reason.
In my opinion it is a better box, as it is designed for a firewall environment. Some of the security features are much harder than the IOS.
Both the ASA and IOS devices support a kind of stateful inspection.
Another benefit is the GUI. The ASA has a much more user friendly interface for handiling firewall and vpn configurations.
The new verson 8 code, is becoming more of a UTM. In a nutsehell , this means you can do multiple things within one box, such as SSL,IPSEC,IPS, Threat Detection,Anti X. The Anti X module is quite impressive as it has a subscription to Trend, which updates regular for new virus, exploit code etc.
The monitoring is far superior on the ASA/PIX.
If security is paramount then you have to opt for Cisco's firewall range.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...