Introduction

A firewall is a security mechanism located on a network that protects resources from other networks and individuals. A firewall controls access to a network and enforces a security policy that can be tailored to suit the needs of a company.

There is some confusion on the difference between a Cisco PIX firewall and a router. Both devices are capable of filtering traffic with access control lists, and both devices are capable of providing Network Address Translation (NAT). PIX, however, goes above and beyond simply filtering packets, based on source/destination IP addresses, as well as source/destination Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port numbers. PIX is a dedicated hardware device built to provide security. Although a router can also provide some of the functions of a PIX by implementing access control lists, it also has to deal with routing packets from one network to another. Depending on what model of router is being used, access lists tend to burden the CPU, especially if numerous access lists must be referenced for every packet that travels through the router. This can impact the performance of the router, causing other problems such as network convergence time. A router is also unable to provide security features such as URL, ActiveX, and Java filtering; Flood Defender, Flood Guard, and IP Frag Guard; and DNS Guard, Mail Guard, Failover, and FTP and URL logging.

Cisco Systems offers a number of security solutions for networks. Included in those solutions are the Cisco Secure PIX Firewall series.