Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

How Secure is the PIX-Firewall and IOS-Firewall?


has anybody some informations about the security level of the PIX Firewall and the IOS Router Firewall?

Is one of both more secure, or is the same software used in both?

Is there anywhere in internet a security-test from an independent organisation with PIX. IOS Firewall and other firewall (checkpoint, watchguard, ...)?




Re: How Secure is the PIX-Firewall and IOS-Firewall?

Hi Peer,

It really depends on what IOS you have running, there's a lot of info on PIX security on, answer to your secound question of testing security from an independent organisation, I'd say you could try and use the 'shields Up' software to test your PIX.



New Member

Re: How Secure is the PIX-Firewall and IOS-Firewall?

Using Steve Gibsons very basic and very limited Shields Up! tool to test your dedicated firewall, is not a good thing. If Shield Up! should find anything at all, when comparing IOS and PIX, then there is something wrong with the person configuring the firewalls. ;-)

New Member

Re: How Secure is the PIX-Firewall and IOS-Firewall?

I have never seen a comparison test of the IOS Firewall features and the PIX. Both should be equally safe, if you know what you are doing...

There are probably a number of differences, i.e.:

- The PIX has its ASA. This allows all outgoing traffic from interfaces with higher security levels going to interfaces with lower security levels, and also maintains stateful information that allows replies to be accepted by the PIX. To my knowledge the IOS Firewall has no ASA concept...

- The PIX has PDM (if you want a webGUI ). IOS have no such thing (tmk).

- PIX 6.2.x do not have the log option for ACL entries, 6.3.x do have it. IOS have also got itplus log-input as well.

- There might be differences between the available proxies, like VoIP and multimedia proxies.

New Member

Re: How Secure is the PIX-Firewall and IOS-Firewall?

I don' t know about the security, but I can tell you that depending on the router, the IOS firewall can be VERY slow. I have the IOS firewall running on a 2611 Router, and the thruput is extremely slow, because the router isn't really designed to act as a firewall, although it can do it. For performance AND security, I would say (in my inexperienced opinion) that you are better off with the PIX.

CreatePlease to create content