Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Cisco Employee

How secure is a PIX?

This might seems a dumb question but I'm wondering about the followings :

- Given a out-of -the-box configuration of a PIX which has been upgraded to 6.11 and that is configured to allow only outgoing traffic , with no statics or access lists allowing incoming traffic, how is secure ? Are there any settings that MUST be done to ensure a proper security ? What are then the "best practice " to have a secure environment?

- Where can I find the list , if any , of security problems regarding PIX ( and their countermeasure )

- Is any IDS functionality included , and if yes how do I enable it


Community Member

Re: How secure is a PIX?

Security of your firewall configuration depends on your security policy. Generally, setup with all outgoing traffic allowed is considered not to be secure. You need to restrict traffic according to your security policy in order to make your setup more secure.

Speaking of PIX itself, PIX software is considered to be secure. This is a software that is written with security in mind. According to Common criteria, PIX software received EAL4 level of certification (only two more firewalls have this level of certification), see

PIX has limited IDS capability, it is able to recognize 59 common signatures. See more info on


CreatePlease to create content