I'm looking to get a new firewall for home use and I've always used netgear, but I'm looking at something like the cisco 501 pix. The Cisco is quite a bit more, but I'm trying to find out why?
I'm assuming Cisco is better because *I think* they're the market leader in these devices. Is there anything that sticks out as to why a Cisco device would be better? If I do a comparison between the features, I find several netgear devices that cost less the the 501 with more features. Just to say what I've been looking at ... I've been comparing the FVS318, 124G to the PIX 501.
Is there a reason why ya'll would go cisco over other COTS firewalls?
I'm not sure of PIX pricing, but the PIX is obsolete. You can score an ASA
5505 for 350, that'll allow 10 ra/ipsec VPNs and 2 SSL VPNs. (lowest level licensing possible) The 5505 will also allow for site-to-site/easy VPNs and so forth.
IMHO, why "Cisco" vs COTS? Why would you buy a Cisco 1800/2800 series router as opposed to Netgear? If you want experience, exposure, 10001 features, and bragging rights. :) Like most here, I do Cisco -
I guess I'm wondering, what makes cisco so good, or if it is that good. I haven't been doing networking all that long and I understand the points about wanting to use it because it's the profession, but I'm wondering if there's a quality difference or better implemenation difference, better algorithm's, if they're more flexible w/ configurations, etc...
Or is it a question of, the box is only as good as the admin. I guess my confusion is that I'm just seeing many other firewalls out there that seem to have more options than what I've seen on the 501 for half the price .. and I just want to know if experienced people see the same.
Or maybe I'm just too picky about hardware .................. not!
Quality is a huge point. Typically you take down the cisco router because you need to do a software update, rather than needing to reboot because the device has filled up its {NAT|DNS} lookup tables and hung up again.
Its pretty rare for them to crash.
Flexibility on the router line (not the PIX line, which is a totally different beast) does get alot too. They have 1000's of features on the router line, and seems to be adding big features all the time. Having one person knowing the indepth ins and outs of every feature would be near impossible.
OOTH, its nice to know, that if you need to do something strange, that most likely Cisco supports it, supports it well, and it just works once you configure it properly.
OOTH, if you have say, a netgear firewall box. It does one thing. Configuration is straight forward because there's no flexibility. You basicly have such-and-such turned on, or turned off. There's no odd little things you can do. The box does it, or it doesn't do it. The little boxes tend to crash over time, or need power cycling to make work.
I'm not a big fan of the PIX firewalls in the first place. That being said, they are very stable, and do what they need to pretty well. On the firewall side, you do generally get better stability and features when you pay more for an enterprise level rather than the Sonicwall/Watchguard/Dlink type boxes.
My customers I've talked to that had Sonicwall (mostly all the small boxes, not the Pro line) thought that rebooting them from time to time was a normal occurance. The small boxes do lockup every so often. I just had to unwedge a watchguard for a customer the other week.
The enterprise level boxes do tend to support more higher-end features. Specificly on the firewall level, something like H.264 conferencing can be supported on PIX/Fortigate/Juniper pretty easily. Not so on many of the smaller boxes.
You gotta remember, the 501 is the most tiny, basic of the line Cisco bought years and years ago. Even though they are still sold, they clearly show their age.
Again, people keep saying PIX in this thread and the PIX is dead IMO. ASAs are the shizzle right now.
I like how the other poster put it, about the product being so flexible. I often keep my mouth shut now when someone ask if "Impossible task" can be done, cause a lot of times it can be done with Cisco magic.
I think some additional point that make Cisco better are...
-Superb TAC support with Smartnet
-Awesome software
-Durable hardware
If I'm thinking right, Cisco has only done routing on its own. Every other product they found someone who did it great, acquired them and made it even better. (Catalyst, wireless stuff...etc)
Thanks, very helpful info from all who responded. I think I'm going to go with the ASA 5505 for my home network. I hope I made the right choice.
But one remaining question I have that I couldn't find on the Cisco site is ... what sort of software upgrade policy would I get with that box and does it make a difference if I buy it through Cisco or some other online retailer? Oh, and if I do buy it through another online retailer, will I have the option to buy software upgrades (as I had read in other posts pertaining to the Pix 501) past the 90 day warranty or whatever is offered now?
Excellent choice! I run one here at my home too. You can buy it from ANY authorized reseller, be warry of eBay. As far as software, you should simply buy the lowest form of smartnet, 8x5xNBD. Smartnet is an anual support contract with Cisco, it gives you 3 very important things. It's about 60-70$ a year, even cheaper if you buy a multi-year contract.
1, Equipment replacement, if the device should ever fail, Cisco will send you a new one, how fast you get it depends on the type of contract you buy, example, the 8x5xNBD means your will have it Mon-Fri on the next business day. The fastest is 7x24x2hr but the price goes up exponetionaly.
2, Unlimited Cisco support. You can get support from Cisco 24x7. This is for ANYTHING related to the firewall, config help, anything.
3, Unlimited software updates and upgrades.
There are many of yesterdays Cisco routers still available that are capable of serving the purpose of a home router. This may not be for you, but certainly an alternative for someone that may stumble upon this thread...
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.