General discussion


Cisco Pix VS Others

By mlepage ·
The company that I work for has just been divided in two. One division will sold, and the other will be moving to a new location. I will moving with it and I am involved in building the new network with other admins from the corporate headquarters.

I have just received the list of devices that they want to buy and for the firewall they want a Cisco Pix 515E. I want to know the pros and cons of the Pix compared to other firewall (specifically Application layer firewall) like the Secure Computing Sidewinder.

I know the Pix is much cheaper, but I also think that the Pix is much less secure since it is a network layer firewall.

And if I should get an application layer firewall, how should try to convince them. I think it will be difficult because they already use a Pix at their location

What do you think.

Thank you

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by ISPnetworker In reply to Cisco Pix VS Others

Cisco is like IBM in the 1980s; nobody ever got fired for recommending them. Since the company has an embedded population of PIX, do not expect to make them converts to a non-Cisco product. The PIX is a maturing product with a good reputation and adequate functionality.

If you want to convince the powers-to-be to convert to your solution, make your argument factual based on existing and expected future requirements. Effective decisions are based on functionality, supportability/longevity, and total cost of ownership.

Collapse -

by cw In reply to Cisco Pix VS Others

First a correction. The PIX is not a "Network Layer Firewall". It is generally considered a Layer 4, or Transport Layer Firewall. As a "Stateful Inspection" firwall, the PIX inspects the State of a packet as it leaves the network and compares that data to inbound traffic. The PIX also performs some IDS and upper layer services for inspecting traffic, such as the "Fixup" protocol and maintaining a modest base of Intrusion Signatures. Additionally the PIX is an EAL4 rated hardware appliance, and is a strong candidate to protect a network perimeter. It is also very fast, and will enhance your network performance.

Application Layer Firewalls, such as Checkpoint, are of course more complex and therefore can offer tighter control over your network access, but also require more administration and training to maintain. It basically depends on your security requirements and the amount of time and staff you intend on alloting to Firewall management. The PIX is a good solution and I would you will find it a tough perimeter bastion host.

Hope this helps

Chris Weber CCDP

Related Discussions

Related Forums