Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 2851 compared with PIX

Hi

I read that the cisco pix 2851 has a firewall as well. What I'd like to ask is is it feasible to replace our pix 515e firewalls with the firewall from the router? I'd like you to please consider this is a large online enterprise so a solution should be able to reasonably cope with this and be adaptive to security needs.

Thanks in advance

Dan

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Cisco 2851 compared with PIX

Dan,

If there is no specific reason to replace a pix with a router, I would stay with the PIX Firewall or ASA.

From a security standpoint, the pix is a firewall and by default doesnt allow any traffic to pass through unless certain conditions are met.

For Example:

1. NAT/PAT

2. Access-List

And since you mentioned "large enterprise solution", I would stay with the Pix.

Regards,

Arul

3 REPLIES

Re: Cisco 2851 compared with PIX

Hi Dan,

Please look at the IOS firewall features for the router.

http://www.cisco.com/application/pdf/en/us/guest/products/ps5854/c1650/cdccont_0900aecd80169b0a.pdf

HTH, Please rate if it does.

-amit singh

Cisco Employee

Re: Cisco 2851 compared with PIX

Dan,

If there is no specific reason to replace a pix with a router, I would stay with the PIX Firewall or ASA.

From a security standpoint, the pix is a firewall and by default doesnt allow any traffic to pass through unless certain conditions are met.

For Example:

1. NAT/PAT

2. Access-List

And since you mentioned "large enterprise solution", I would stay with the Pix.

Regards,

Arul

Re: Cisco 2851 compared with PIX

Hi

Its always recommendable to have a dedicated hardware for any particular application, say for firewall.The router acts as a firewall (and perform its tasks well) untill and unless there is not too much load on its memory.

You must have thought of something before switching...Are you terminating any WAN link on it?Will you enable memory consuming BGP, OSPF etc?

Regards

JD

124
Views
5
Helpful
3
Replies
CreatePlease login to create content