Re: Hardware Firewall

[Craig Van Tassle <craig () codestorm org>]

On Mon, 17 Nov 2008 14:40:50 -0700
h.carpentier () yahoo co uk wrote:

> Hello all,
>
> I am going to upgrade in the near future a network security course.
> The course is looking at network security from a hardware point of
> view, using at the present time PIX firewalls and router IOS security
> features. I am very familiar with the PIX, and am aware that they
> will be unsupported soon (2012?). They are replaced with ASAs. Is
> there really many people using ASAs out there? The Cisco routers IOS
> seem to be able to fulfil most of the functions anyway. Do you know
> of other platform offering the same or similar functions? 
>
> Cheers
>
> Hervé Carpentier

I have used both the PIX's and ASA. The bigger PIX's (515 and higher)
all support the PIXOS 7 and up.  The PIX firewalls are already EOL, they are still
supported thought. 

As for the differences it all depends on what exactly you want to do
with them. If you are looking for a Fireall/VPN concentrator they work
very well. Their IPS module is ok, but not as good as I would like.
Also they can integrate with websence and other web filtering servers
very will. AFAIK the Security ISO routers are unable to do that. 

If you are looking to get away from the Cisco firewall's I would
recommend that you look at the Netscreen firewalls. Fortigate makes
firewalls as well, though I'm not all that impressed with them and
their VPN systems are ugly to configure.