Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

What is the difference between a PIX Firewall and a router or switch with IOS Firewall?

Core issue

A Firewall is usually a networking device that protects networks by blocking unwanted traffic, and monitoring and controlling useful, desirable traffic. The Firewall functions as a filter as traffic moves from one network to another. It blocks or allows specific protocols and data types, and inspects permitted traffic flow for networking protocol compliance as well as adherence to a business's information systems usage policy. This ensures that network traffic acts in its intended function.

Firewall policies are usually statically defined by network administrative staff to minimize impact on an organization's business objectives. The policies must be adjusted periodically so the Firewall affords the appropriate level of protection. Policies can be based on user ID and password authentication, source address, destination address, protocol type, specific application activity, traffic connection rates, and other criteria.

Resolution

Routers and switches run Cisco IOS, and the IOS Firewall is a feature that can be configured on them by software. This feature allows routers and switches to work on a stateful firewall basis.

PIXes are specialized hardware devices that operate on software code which is different than the IOS software code that routers and switches operate on. The IOS codes of routers and switches are not compatible with the software code that runs on PIX Firewalls.

The Cisco IOS Firewall differs very little from Cisco PIX and Adaptive Security Appliances (ASAs) in terms of functional capability. The two product lines are somewhat similar in their configuration interfaces, both on the command-line interface (CLI) and graphical user interface (GUI). The major differentiators between Cisco IOS Firewall and Cisco PIX/ASA are additional features versus performance, given a comparison between similarly priced platforms. The Cisco PIX and ASA products offer substantially higher performance for a given cost, reflecting the common appliance advantage, while Cisco IOS Firewall offers a broader feature set, reflecting the common routing-platform advantage.

For more information, refer to Cisco IOS Firewall Q & A and Cisco Secure PIX Firewall Frequently Asked Questions.

Refer to Cisco Integrated Firewall Solutions which provides an insight and helps in deciding on when to choose PIX Firewall or an IOS Firewall.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:12 PM
Updated by:
 
Labels (1)