Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

To choose a router/firewall or a firewall with DMZ

I have the following questions regarding to (Cisco's) router and firewall:

1) There are two kind of firewall:the standalone firewall (hardware) and the firewall embedded in a router (software based). Is the cml (command line coding system) same for both kind of firewalls? For example, can both use these statements?:

static (dmz,outside)tcp interface 80 WWW-DMZ-IP 80 netmask

2)If it is YES to Que #1, can I say that

the way I learnt to code a firewall embedded in a router can also be used to code a standalone (hardware) firewall, so I do not need a new training to start with, correct?

3) Could you please recommend entry level (lower end) router(s) that comes with a firewall and also support DMZ?

4) Could you please recommend entry level (lower end) standalone firewall (hardware) that supports DMZ?

Many thanks.


Re: To choose a router/firewall or a firewall with DMZ


AFAIK the seperate standalone firewall and the FW ios code available with the router is similar in few ways but if you are security concerned or security oriented then would suggest for a standalone F/W like PIX or something inline with that.

The CLI again differs on both firewalls and ios firewall(which is in the router).

Nat support is there in both the devices but the CLI used to configure them are different.

And in Firewall by default alll ports are closed and u need to open them up the reqd ports using the cli available in the firewall but its not the case in routers you need to block the unecessary ports and permit the reqd ports coz all the ports are open up.

and again performance wise as well its standalone F/W which can be a best bet for your situation.

As far as DMZ support in Firewalls you can better check out something inline with 515E or above which can support more ports wherein you can configure different ports/zone with different security levels.


CreatePlease login to create content