The primary differentiator between hardware-based and software-based firewalls is the underlying dependency on the operating systems they run on. Both can prove equally secure if the network design and configuration are impeccable. As seen in the previous chapter, the software-based Cisco IOS Firewall technology is functionality integrated into the Cisco IOS Software, providing a stateful inspection firewall engine with application-level intelligence. There are a couple of reasons why hardware firewalls are better than software firewalls: hardware firewalls are robust and built specifically for the purpose of "firewalling," and they are less vulnerable than software firewalls. Hence, hardware firewalls have an edge over software-based firewalls.
The Cisco Firewall technology provides a wealth of advanced security and networking services for small-to-medium enterprise and service provider networks, in a modular, purpose-built solution. Cisco hardware-based firewall technology comes in three flavors:
ASA 5500 Series Adaptive Security Appliances
Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module (FWSM)
Cisco Firewall technology solutions provide application-aware and protocol inspection, access control and flow-based policy enforcement, multi-vector attack protection, and secure connectivity services through a wide range of rich security and networking services. The following sections will briefly highlight features of each platform.