CISCO Vs Consumer Grade

Hi All!

I'm setting up a small office network:

Server, 10 Workstations, Shared DSL connection, some remote access - just basic stuff.

What advantages would there be for me in going with a CISCO product (PIX, etc.) over a consumer-grade router/firewall (Linksys, D-Link, etc.)?

I guess I'm asking, "What would going with a CISCO get me that a Linksys won't?"

Thanks!

mark

mhaase-at-springmind.com

Cisco products are more expensive, but then you get the support (security updates, excellent warranty, etc.). Consumer grade routers/firewalls do not provide as many config options or as much flexibility compared to Cisco. For such a small network, and if you have some time to learn, you can investigate using a Linux router/fw (netfilter or iptables) on a cheap 2 NIC computer.

Cen

In addition to those items mentioned by Cen, a few others to consider:

Consumer grade often seems to assume that routine rebooting or power cycling is acceptable. I.e., you can't just install it and forget it.

Commercial grade typically provides better support for remote monitoring and management. Consumer grade, for example, almost never supports SNMP.

Consumer grade typically ships with a default configuration which will provide functionality right out of the box, no effort required (and typically no security provided either, but that is another story). Commercial grade typically requires effort before it can be used.

Commercial grade often tolerates a wider range of environment, i.e., is specified to work at lower and higher temperatures than consumer grade, which can assume use only in locations comfortable to humans. But there are exceptions, so be careful. In particular, some commercial grade HW is spec'd for data center environments.

RF emission limits are tighter on home products (FCC class B) than they are on office/industrial products (FCC class A). Consumer grade must meet the home limits while commercial grade may choose to only meet the office/industrial limits.

As the old saying goes, "You get what you pay for." Although given the scruples of many vendors, I'd be more inclined to rephrase it in the negative: "You may not get what you pay for, but you never get what you don't pay for!" As always, YMMV.

Good luck and have fun!

Vincent C Jones

Routers and switches:

Until you get to the highest end Linksys, afaik, you won't get a managed product -- no ability to look at error counts, no ability to watch traffic volumes, no ability to check to see if new devices are introduced on your network, and so on.

I don't recall that any of the Linksys devices are "wire speed" -- able to handle all the ports at full speed.

The Linksys isn't going to have policy-based routing, or any facility for bandwidth control and not much (if any) facility for traffic policing.

Firewalls:

The BEFSX11 supports only two Security Associations, both to the same peer. Once to four times each day, the currently transmitting TCP connection freezes, the security associations drop, and when they get renegotiated the other TCP connections are fine but that active connection is dead, never to be recoverable. (Suppose for example you are in the middle of typing a letter on a remote system and it freezes on you...) I'm not sure about cause and effect here: plausibly it was a case that when the SAs were expiring normally that the active TCP connection would die. The frequency of the freezes makes this device unsuitable for use in business where loss of a connection may be a significant hassle.

The BEFVP41 supports more Security Associations, and more than one peer, and only freezes the connections once a week or less (but they still do freeze from time to time.) The BEFVP41 has trouble recovering sometimes when the ISP changes a DHCP'd interface IP being used for a tunnel, requiring that one go in to the GUI interface and press the "connect" control... not so bad if you are local, but not something you want to be dealing with on a remote system.

The PIX has *much* finer-grained control over what is allowed through and what is not, and much finer-grained control over exactly how IP addresses get translated.

The PIX has support for a series of protocols, to know to translate IP addresses and port numbers embedded in the protocols (e.g., in order to receive a file in FTP, your system has to tell the other system which IP and port to connect to, and the PIX needs to mediate between your internal addresses and the external ones.) The set of protocols supported by the PIX is not as extensive as is now supported by some of the other manufacturers... but the Linksys simply don't document that kind of protocol support at all.

Walter Roberson
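The FTP case described in the post above (a firewall translating the IP address and port embedded in the protocol), as an added example that is not part of any post in this thread and is not Cisco's code. The class name `FtpFixup`, the addresses and the port range are constructed for illustration, and the refusal of a `PORT` that names another host or a privileged port is an assumption of this sketch, not a documented PIX behaviour.

```python
import re

# Argument of an FTP PORT command: h1,h2,h3,h4,p1,p2 (RFC 959).
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


class FtpFixup:
    """Toy NAT helper for the FTP control channel (hypothetical name)."""

    def __init__(self, inside_to_outside, first_port=40000):
        self.nat = dict(inside_to_outside)  # static inside IP -> outside IP
        self.next_port = first_port         # next outside port to hand out
        self.pinholes = {}                  # (outside IP, port) -> (inside IP, port)

    def rewrite(self, src_ip, line):
        """Return the control line as it should leave the outside interface."""
        m = PORT_RE.match(line)
        if not m:
            return line                     # not a PORT command: pass through
        octets = [int(g) for g in m.groups()]
        if any(o > 255 for o in octets):
            raise ValueError("malformed PORT argument")
        ip = ".".join(str(o) for o in octets[:4])
        port = octets[4] * 256 + octets[5]
        # Translate only an address that belongs to the sender; a PORT that
        # names some other host is refused rather than opening a path to it.
        if ip != src_ip or ip not in self.nat:
            raise ValueError("PORT address does not match the client")
        if port < 1024:
            raise ValueError("PORT names a privileged port")
        out_ip, out_port = self.nat[ip], self.next_port
        self.next_port += 1
        # Remember the mapping so the server's inbound data connection
        # can be forwarded to the inside host.
        self.pinholes[(out_ip, out_port)] = (ip, port)
        return "PORT {},{},{}\r\n".format(
            out_ip.replace(".", ","), out_port >> 8, out_port & 0xFF)


if __name__ == "__main__":
    # Constructed sample: inside client 192.168.1.10 behind 203.0.113.5.
    fx = FtpFixup({"192.168.1.10": "203.0.113.5"})
    print(repr(fx.rewrite("192.168.1.10", "PORT 192,168,1,10,19,137\r\n")))
    print(fx.pinholes)
```

Without this rewrite the server would be told to connect to 192.168.1.10, an address it cannot reach, which is why a NAT device needs per-protocol knowledge for FTP.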

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.