Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
0
Helpful
4
Replies

How Secure is the PIX-Firewall and IOS-Firewall?

pkohlstetter
Level 1
Level 1

‎02-24-2003 12:27 AM - edited ‎02-20-2020 10:34 PM

Hello,

has anybody some informations about the security level of the PIX Firewall and the IOS Router Firewall?

Is one of both more secure, or is the same software used in both?

Is there anywhere in internet a security-test from an independent organisation with PIX. IOS Firewall and other firewall (checkpoint, watchguard, ...)?

Thanks

Peer

0 Helpful
4 Replies 4

jmia
Level 7
Level 7

‎02-24-2003 12:47 AM

Hi Peer,

It really depends on what IOS you have running, there's a lot of info on PIX security on cisco.com, answer to your secound question of testing security from an independent organisation, I'd say you could try www.grc.com and use the 'shields Up' software to test your PIX.

HTH

Jay.

0 Helpful

ods
Level 1
Level 1
In response to jmia

‎03-02-2003 05:38 PM

Using Steve Gibsons very basic and very limited Shields Up! tool to test your dedicated firewall, is not a good thing. If Shield Up! should find anything at all, when comparing IOS and PIX, then there is something wrong with the person configuring the firewalls. ;-)

0 Helpful

ods
Level 1
Level 1

‎03-02-2003 05:48 PM

I have never seen a comparison test of the IOS Firewall features and the PIX. Both should be equally safe, if you know what you are doing...

There are probably a number of differences, i.e.:

- The PIX has its ASA. This allows all outgoing traffic from interfaces with higher security levels going to interfaces with lower security levels, and also maintains stateful information that allows replies to be accepted by the PIX. To my knowledge the IOS Firewall has no ASA concept...

- The PIX has PDM (if you want a webGUI ). IOS have no such thing (tmk).

- PIX 6.2.x do not have the log option for ACL entries, 6.3.x do have it. IOS have also got itplus log-input as well.

- There might be differences between the available proxies, like VoIP and multimedia proxies.

0 Helpful

dkramkowski
Level 1
Level 1

‎03-03-2003 09:25 AM

I don' t know about the security, but I can tell you that depending on the router, the IOS firewall can be VERY slow. I have the IOS firewall running on a 2611 Router, and the thruput is extremely slow, because the router isn't really designed to act as a firewall, although it can do it. For performance AND security, I would say (in my inexperienced opinion) that you are better off with the PIX.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card