We have used the PIX for several clients with varying size networks.
The biggest advantage to the PIX is that you can use a private addressing
scheme on your network. This allows you to create a meaningful IP
addressing scheme. For example, you can designate the second octet to
match the OSPF area the address is used in. (i.e 10.3.0.0 for area 3,
10.4.0.0 for area 4 and so on). Another advantage to private addressing is
that you never have to worry about renumbering your network due to changing
ISP's or anything like that.
As far as the security aspects of PIX, it basically hides your entire
network from the outside world. Unless your PIX is corrupted, hosts
outside of your network can never directly connect to hosts within your
network since private addresses are not routed on the Internet. The
downside to the PIX is that it has limited access-list ability and it's not
very user friendly.
You also might want to check out version 11.2 of the Cisco IOS, which has
PIX functionality built in. It also has support for traditional IP and
extended IP access lists.
Network Evolutions, Inc.
At 11:32 AM 11/25/96 -0500, you wrote:
>Has anyone used Cisco's PIX firewall? If anyone has, what are the
>advantages/disadvantages of using it?
>I would appreciate any input. Thanks a lot.