Is a Cisco router good enough to prevent intrusions or do I need a PIX as well?

The above question is not for a business per se but for home use. I've got an 1841 router that I'll have running and was curious about whether or not it will suffice to work both as a router and also as a firewall of sorts. I see lots of information on the PIX firewall/VPN devices and, while I have no current need for VPN services now, I'm curious if the firewall features on these devices are that much better than what a plain router is capable of. Ultimately, I'd like something that will provide more protection than what I'd normally get with a consumer-based product (e.g. Netgear, Linksys, etc.). Thanks!

Rick F

Hi Rick,

Goodness, I can see a multitude of replies to this, so I will start at the basics and let you work up from there....;-)

It all comes down to what you are doing with your internet access.

If it's just for regular home browsing use with perhaps some PRIVATE (see below) server operations, etc., then a decent router that is doing NAT and has the IOS Firewall S/W should provide most of what you need, and this is exactly what I use at home. Of course, past the network environment, you will also need application protection, such as email anti-spam S/W (perhaps ISP implemented).

If you are doing more SERVING from your home site, then you may be better off with something like a PIX.

My home Cisco has the F/W and full VPN IOS; however, one thing to remember is that VPN S/W in a network device can often be configured to serve ALL devices on one interface, or just a single device. The best (i.e. most secure) VPN tunnel terminates at the actual VPN end-points, and nowhere else, but it really all comes down to what you wish to use the VPN for. I bought my Cisco 7 years ago, and while I used the F/W from day one, I have never yet needed to use the SITE VPN in the router at all, as all my VPNs terminate on the actual HOST, and the router transparently passes them on.

In the context of this reply, PRIVATE servers are servers that you operate from home behind your router's NAT environment, where the target PORT for that server is not one of the "Well Known addresses". I.e. a standard WEB server (i.e. HTTP) normally uses port 80. You can relocate your server to a higher "unused" port number that is not normally used (i.e. ports 1 - 512 are Well Known ports, 513 - 65535 are not Well Known ports); however, other people can still REACH your server as long as they know which PORT to use. To do this YOU have to tell them which it is first.....;-) Your security needs for IOS are to block all incoming requests EXCEPT those that: 1. are replies to requests that ORIGINATE from your private LAN; 2. YOU specifically tell it to allow as EXTERNALLY initiated requests. In this case IOS with the F/W feature set is usually enough (IMHO).

So there is no real one answer to the question without a lot of other considerations being entered into the calculation; however, for general home use I would not bother with a specific firewall appliance unless I was offering services on Well Known ports, but doing that is often frowned on by ISPs.

I hope this helps..................pk.

Peter
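The two rules Peter describes (let in only replies to sessions the LAN started, plus whatever you explicitly publish) map onto the IOS classic firewall (CBAC) feature set that ships on an 1841 with the security image. The configuration below is an added example written for this thread, not Peter's or Rick's own config. It assumes FastEthernet0/0 faces the ISP and gets its address by DHCP, FastEthernet0/1 is a 192.168.1.0/24 home LAN, and a single PRIVATE web server sits at 192.168.1.10 on the constructed high port 8080; every address, interface name and port here is an assumption you would adapt.

```cisco
! Added example (not from the thread): IOS classic firewall (CBAC) on an 1841.
! Assumed: Fa0/0 = outside (ISP, DHCP address), Fa0/1 = inside 192.168.1.0/24,
! one private web server at 192.168.1.10 listening on the high port 8080.
!
! 1. Stateful inspection: outbound TCP/UDP/ICMP sessions that ORIGINATE on the
!    LAN are tracked, and only their return traffic is opened back in.
ip inspect name HOMEFW tcp
ip inspect name HOMEFW udp
ip inspect name HOMEFW icmp
!
! 2. NAT: the whole LAN hides behind the outside address (PAT), and one static
!    port mapping publishes the private server on 8080 and nothing else.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.10 8080 interface FastEthernet0/0 8080
!
! 3. Inbound ACL on the outside interface: every EXTERNALLY initiated packet is
!    dropped and logged EXCEPT the one port we chose to publish. CBAC inserts
!    temporary permit entries ahead of this ACL for the return traffic from (1).
ip access-list extended OUTSIDE-IN
 permit tcp any any eq 8080
 deny   ip any any log
!
interface FastEthernet0/0
 description Outside (ISP)
 ip address dhcp
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip inspect HOMEFW out
!
interface FastEthernet0/1
 description Inside (home LAN)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
```

After applying it, `show ip inspect sessions` lists the LAN-originated sessions the firewall is currently holding open, and `show access-lists OUTSIDE-IN` shows the hit counters: the `deny ... log` line is where unsolicited inbound probes land. If the log volume from that line becomes a nuisance, drop `log` from the deny once you are satisfied the policy behaves as intended, and keep the `permit` list to exactly the ports you have decided to publish.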
