Choosing Between the PIX and the ASA

Chia sẻ: Tuan Bui Nghia | Ngày: | Loại File: PDF | Số trang:1

0
55
lượt xem
14
download

Choosing Between the PIX and the ASA

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Choosing Between the PIX and the ASA One of the first questions to answer when trying to determine what Cisco firewall your environment requires is what the difference between the Cisco PIX Firewall and the Cisco ASA is.

Chủ đề:
Lưu

Nội dung Text: Choosing Between the PIX and the ASA

  1. Choosing Between the PIX and the ASA One of the first questions to answer when trying to determine what Cisco firewall your environment requires is what the difference between the Cisco PIX Firewall and the Cisco ASA is. The ASA is essentially the latest version of the Cisco firewall solution and is based largely on the PIX software. In fact, the Cisco ASA and enterprise versions of the PIX (PIX 515E and larger) actually run the same firewall software starting with the 7.x code base. In the case of the PIX, this firewall software is commonly known as PIX version 7.x. In the case of the ASA, this firewall software is commonly known as ASA version 7.x. Versions of software prior to 7.0 are not supported on the ASA. The major difference between the Cisco PIX Firewall and the ASA does not lie in the firewall functionality itself, but rather in the additional features that the ASA provides in an integrated solution. Although the PIX can perform some basic IDS functions, it is really not an effective IDS solution in and of itself. The ASA addresses this PIX deficiency by incorporating a fully functional and feature-complete IPS solution as a component of the ASA. In essence, the ASA not only runs the PIX firewall software, it is also capable of running the complete Cisco IPS software to provide an integrated firewall and IPS solution. This is commonly referred to as deep packet inspection. In conjunction with the advanced IPS capabilities, the ASA also provides for content security and control for antivirus, antispam, and antiphishing (commonly referred to as anti-X) scanning through the use of the Content Security Control and Control Security Services Module (CSC SSM). The ASA also supports Secure Sockets Layer (SSL)-based VPN connections and VPN clustering to provide for load balancing of VPN clients. Finally, the ASA tends to provide for much better performance than the PIX at a similar price point due to the fact that the ASA uses newer-generation processors and application- specific integrated circuits (ASIC) than the PIX does. So the question of whether you should select a PIX or an ASA comes down largely to whether you need the additional functionality of the ASA, because fundamentally they both provide the exact same basic firewall functionality. If you do need the additional IPS functionality that the ASA provides, or think you will in the near future, the ASA is the appropriate choice. If you do not, the PIX firewall is the appropriate choice.  
Đồng bộ tài khoản