Re: Iptables vs. Cisco PIX


 



Alejandro Cabrera Obed wrote:

>Hi people !!!
>
>  
>
Hi :)

I would say that while Iptables is a set of blocks to build a wall,
Cisco PIX is a pre-built wall you just have to paint and let it shine.

Iptables certainly gives a lot of configuration and traffic control
options that a Cisco PIX does not, and I think it is not possible to
forget that an Iptables firewall is a complete Linux system with all the
advantages this can give, for example crontab, scripting, and so on.

I think that, as always, the choice depends on what you need from the device.
If you need stateful firewall failover, your choice is made, because
iptables is not ready to do it yet while Cisco PIX does it in a clear
and fast way.

I would always use a Cisco PIX as the border firewall because of its
reliability and performance, and also because I would not do specific or
particular filtering at this level of the network. I would instead use a
Linux/Iptables firewall at 'User Level' because it would let me do
ANYTHING I want, and because at this level I could, maybe, leave the
stateful failover out to have the maximum flexibility possible.

bye

 


