Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Router vs Firewall

First I can connect several PCs to a router, then connect this router to an ADSL modem, and finally via this model (which is connected to an local ISP), all the PCs on the LAN can access to the internet;

Now, let's do this with a firewall, i.e., connect several PCs to a Firewall, then connect this Firewall to an ADSL modem, and finally via this model (which is connected to an local ISP), all the PCs on the LAN can access to the internet, too.

So, my question is when should we use the router and when to use firewall?

Especially, nowadays, a router contains "some" firewall inside, while a firewall also contains "some" router inside.

Thanks to help



Re: Router vs Firewall

Hi Scott,

The decision depends on your requirement.

In my opinion, one of many reasons could be as follow:

a. Why Router with "some" firewall inside

When you already have router doing routing, but you need firewall security feature to secure the access.

You can either load the router with IOS firewall feature, or you can buy new Router bundled with IOS firewall.

b. Why Firewall with "some" router inside

In addition to static route, Cisco PIX & FWSM support dynamic routing protocol such as OSPF and RIP.

You need this when need to host/protect vlans behind firewall, e.g FWSM in redundant Cat6500 series, protecting multiple ServerFarm vlans. These Vlans need to be access by other/user Vlans outside FWSM.

On the Outside/MSFC, you are already running dynamic routing protocol, such as OSPF.

The use of dynamic routing protocol help you to managed access and reachability to the protected Vlans or vice-versa as FWSM is actively participate in OSPF. Same goes to PIX.




Re: Router vs Firewall

personally i prefer a pix whenever possible.

to determine which one to be deployed, we should identify what sort of feature is required. e.g. any vpn? any routing involved? going to connect to the internet or internal use?

assuming vpn is one of the requiremnet and not much routing is involved, i will go with the pix. from my experience, i feel that pix handles vpn better in terms of reliability and flexibility.

even pure firewalling i guess pix would still be my choice as pix is specially designed for security; whereas router firewall feature set is just an add-on feature.

CreatePlease to create content