Originally Posted by EGS
Yes it will, my Cisco PIX has already stopped massive DDoS attacks. Can someone knowledgeable please help me?
Firewalls, especially the ones you are talking about, don't stop DDoS attacks, maybe just straight attacks that can be null routed if the attacker is stupid and just uses one IP, and that is a big maybe. But otherwise firewalls are not designed at all, in any way, shape or form, to stop a DDoS/DoS attack. Some NetScreens on the higher levels might have some ability to, but when you get into that price range it's better to get a standalone DDoS appliance a la RioRey or a Cisco Guard.
The firewalls you are talking about have a max packets/sec which any real "massive" attack will easily clobber and bring the box down. The other thing is they both have 100 Mbps max uplinks, which any real massive attack will clobber and bring that device down. So either way you lose, lose.
Firewalls are designed primarily for one thing: to NAT/route, close off unwanted ports, and provide logging via syslog to an off-device server that someone is attacking this port.