|
The Cisco PIX Firewall series delivers strong security in an easy-to-install, integrated hardware/software firewall appliance that offers outstanding performance. Cisco`s world-leading PIX Firewall family spans the entire user application spectrum, from compact, plug-n-play desktop firewalls for small/home offices to carrier-class gigabit firewalls for the most demanding enterprise and service provider environments. Cisco PIX Firewalls deliver superior performance of up to 500,000 simultaneous connections and nearly 1.7 Gigabits per second (Gbps) aggregate throughput-while providing Cisco customers world-class security, reliability and customer service.
-
Security - Cisco PIX Firewalls are purpose-built firewall appliances that utilize a proprietary, hardened operating system which eliminates security risks associated with general purpose operating systems. PIX firewalls also provide the latest in security technology ranging from stateful inspection firewalling, IPsec and L2TP/PPTP-based VPNs, content filtering capabilities, and integrated intrusion detection to help secure your network environment from next-generation attacks. At the heart of the PIX Firewall family is the adaptive security algorithm (ASA), which maintains the secure perimeters between the networks controlled by the firewall. The stateful, connection-oriented ASA design creates session flows based on source and destination addresses, TCP sequence numbers (which are non-predictable), port numbers, and additional TCP flags. All inbound and outbound traffic is controlled by applying security policies to each connection table entry.
-
Performance - Cisco PIX firewall`s highly scalable, yet very secure architecture based upon stateful inspection technology and application-aware "fixups" provides state-of-the-art performance and robust security. With support for up to 10 Gigabit Ethernet interfaces and 1.7 Gbps of throughput, PIX Firewalls can scale to meet the needs of the most demanding network environments.
-
Reliability - Cisco PIX Firewalls provide resilient security services for mission-critical network environments by leveraging the integrated stateful failover capabilities within PIX. Network traffic can be automatically sent to a hot standby unit in the event of a failure, while maintaining concurrent connections via automated state synchronization between the primary and standby units.
-
Virtual Private Networking (VPN) - Cisco PIX Firewalls support both standards-based IPsec and L2TP/PPTP-based VPN services, which are suitable for site-to-site and remote access VPN deployments. Tripe DES (3DES) based VPN throughput can be scaled to nearly 100 Mbps using the PIX VPN Accelerator Card (VAC), which offloads compute-intensive encryption/decryption processes to specialized cryptographic coprocessors.
-
Network Address Translation (NAT) and Port Address Translation (PAT) - Cisco PIX Firewalls provide robust NAT and PAT services to conceal IP addresses of internal networks and to expand network address space for internal networks.
-
Denial-of-Service (DoS) Attack Prevention - Cisco PIX Firewalls protect the firewall and networks behind them from disruptive network hacking attempts that could otherwise bring a network to a halt.
-
Simple, Web-Based Management with PIX Device Manager (PDM) - Cisco PIX Firewalls provide a simple, easy-to-use web-based interface for centrally managing the configuration of PIX firewalls. Furthermore, PDM provides a wide range of informative, real-time, and historical reports which give critical insight into usage trends, performance baselines, and security events. PDM provides all the tools necessary to manage a firewall, all from the convenience of any web browser.
-
Platform Extensibility - Cisco PIX Firewalls provide an extensible platform that can easily grow with your networking needs. With support from two 10/100 Ethernet interfaces all the way up to ten Gigabit Ethernet interfaces in a single firewall appliance solution, PIX Firewalls can fit your budget and your networking environment.
-
Low Cost of Ownership - Simple installation and configuration minimizes time investment required for administrators to get PIX firewalls up and running. Minimal time investment combined with an impressive price/performance ratio enable Cisco PIX Firewalls to provide low total cost of ownership (TCO).
Hardware
Table 19-13: Technical Specifications for Cisco PIX Firewalll
|
Description |
PIX 501 Firewall |
PIX 506 Firewall |
PIX 515 Firewall |
PIX 525 Firewall |
PIX 535 Firewall |
|
Processor |
133 MHz |
200 MHz |
200 MHz |
350 MHz |
1 GHz |
|
RAM |
16 MB |
32 MB |
32 MB or 64 MB |
128 MB or 256 MB |
512 MB or 1 GB |
|
Flash Memory |
8 MB |
8 MB |
16 MB |
16 MB |
16 MB |
|
PCI Slots |
None |
None |
2 |
3 |
9 |
|
Fixed Interfaces |
1 10BaseT Ethernet (outside)
4 port 10/100 switch (inside) |
2 10BaseT Ethernet |
2 10/100 Fast Ethernet |
2 10/100 Fast Ethernet |
None |
|
Maximum Interfaces |
1 10BaseT Ethernet (outside)
4 port 10/100 switch (inside) |
2 10BaseT Ethernet |
6 10/100 Fast Ethernet |
8 10/100 Fast Ethernet or Gigabit Ethernet |
10 10/100 Fast Ethernet or Gigabit Ethernet |
|
VPN Accelerator Card (VAC) Support |
No |
No |
Yes |
Yes |
Yes |
|
Failover Support |
No |
No |
Yes, UR only |
Yes, UR only |
Yes, UR only |
|
Rack Mountable |
No |
No |
Yes |
Yes |
Yes |
|
Size |
Desktop |
Desktop |
1 RU |
2 RU |
3 RU |
. Rack-mountable products come with rack-mount hardware
Failover requires a special Cisco cable, included with failover capable systems
Table 19-14: Power Requirements for Cisco PIX Firewall
|
Description |
PIX 501 Firewall |
PIX 506 Firewall |
PIX 515 Firewall |
PIX 525 Firewall |
PIX 535 Firewall |
|
Autoswitching |
100-240 VAC |
100-240 VAC |
100-240 VAC |
100-240 VAC |
100-240 VAC |
|
Frequency |
50-60 Hz |
50-60 Hz |
50-60 Hz |
50-60 Hz |
50-60 Hz, single phase |
|
Current |
0.051 Amps |
1.5-0.75 Amps |
1.5-0.75 Amps |
5-2.5 Amps |
4-2 Amps |
Table 19-15: Physical and Environmental Specifications for Cisco PIX Firewall
|
Description |
PIX 501 Firewall |
PIX 506 Firewall |
PIX 515 Firewall |
PIX 525 Firewall |
PIX 535 Firewall |
|
Dimensions (HxWxD) |
1.0 x 6.25 x 5.5 in.
(2.54 x 15.875 x 13.97 cm) |
1.72 x 8.5 x 11.8 in.
(4.4 x 21.7 x 29.9 cm) |
1.72 x 16.82 x 11.8 in., 1 RU
(4.4 x 42.7 x 29.9 cm) |
3.5 x 17.5 x 18.25 in., 2 RU
(8.89 x 44.45 x 46.36 cm) |
5.25 x 17.5 x 18.25 in., 3 RU
(8.89x 44.45 x 46.36 cm) |
|
Weight |
0.75 lb. (0.34 kg) |
6 lb. |
11 lb. (4.9 kg) |
32 lb. (14.5 kg) |
32 lb. (14.5 kg) |
|
Operating Temperature |
32 to 104?F
(0 to 40?C) |
-25 to 113?F
(-5 to +45?C) |
-25 to 113?F
(-5 to +45?C) |
-25 to 131?F
(-5 to +55?C) |
-25 to 113?F
(-5 to +45?C) |
|
Storage Temperature |
-4 to 149?F
(-20 to 65?C) |
-13 to 158?F
(-25 to +70?C) |
-13 to 158?F
(-25 to +70?C) |
-13 to 158?F
(-25 to +70?C) |
-13 to 158?F
(-25 to +70?C) |
|
Operational Humidity |
90% relative humidity (RH) |
95% relative humidity (RH) |
95% relative humidity (RH) |
95% relative humidity (RH) |
95% relative humidity (RH) |
|
Operational Altitude |
6500 ft (2000m) |
9843 ft (3000m), 77?F (25?C) |
9843 ft (3000m), 77?F (25?C) |
9843 ft (3000m), 104?F (40?C) |
9843 ft (3000m) |
|
Heat Dissipation (Worst Case with Full Power Usage) |
17.0 BTU/hr |
102.4 BTU/hr |
160.37 BTU/hr |
410 BTU/hr |
750 BTU/hr |
Software
For additional specifications, see the Cisco PIX Firewall datasheet on the Cisco Web at
http://www.cisco.com/go/pix.
For software options for the Cisco PIX Firewall Series, see PIX Firewall Software in the tables below.
-
State-of-the-art Adaptive Security Algorithm (ASA) and stateful inspection firewalling
-
Cut-through proxy authenticates and authorizes connections, meanwhile enhancing performance
-
Easy-to-use Web-based interface for managing PIX firewalls remotely
-
Support for up to 10 ethernet interfaces ranging from 10-BaseT, 10/100 Fast Ethernet to Gigabit Ethernet
-
Stateful firewall failover capability with synchronized connection information and product configurations
-
True Network Address Translation (NAT) as specified in RFC 1631
-
Port Address Translation (PAT) further expands a company`s address pool-one IP address supports more than 64,000 hosts
-
Support for IPsec and L2TP/PPTP-based VPNs
-
Support for high performance URL filtering via integration with Websense-based URL filtering solutions
-
Mail Guard removes need for external mail relay server in perimeter network
-
Support for broad range of authentication methods via TACACS+, Radius and Cisco ACS integration
-
DNS Guard transparently protects outbound name and address lookups
-
Flood Guard and Fragmentation Guard protect against denial of service attacks
-
Support for advanced Voice over IP (VoIP) standards including SIP, H.323 and others
-
Java blocking eliminates potentially dangerous Java applets (not compressed or archived)
-
Cisco IOS-style command-line interface
-
Extended authentication, authorization, and accounting capabilities
-
Net Aliasing transparently merges overlapping networks with the same IP address space
-
Ability to customize protocol port numbers
-
Integration with Cisco Intrusion Detection Systems for shunning connections of known malicious IP addresses
-
Enhanced customization of syslog messages
-
Simple Network Management Protocol (SNMP) and syslog for remote management
-
Reliable syslogging using either TCP or UDP
-
Extended transparent application support (both with and without NAT enabled) includes:
-
Sun remote procedure call (RPC)
-
Microsoft Networking client and server communication (NetBIOS over IP) using NAT
-
Multimedia, including RealNetworks` RealAudio, Xing Technologies` Streamworks, White Pines` CuSeeMe, Vocal Tec`s Internet Phone, VDOnet`s VDOLive, Microsoft`s NetShow, VXtreme Web Theatre 2; and Intel`s Internet Video Phone and Microsoft`s NetMeeting (based on H.323 standards)
-
Oracle SQL*Net client and server communication
Table 19-16: PIX Firewall Manager Specifications
|
Operating Systems |
Browsers |
|
Windows 2000 (Service Pack 1)
Windows NT 4.0 (Service Pack 6a)
Windows 98 (original or 2 nd addition) |
MS Internet Explorer 5.01 (Service Pack1) or higher (5.5 recommended)
Netscape Communicator 4.51 or higher (4.76 recommended) |
|
Sun Solaris 2.6 or 2.8 running CDE or
OpenWindows window manager |
MS Internet Explorer 5.0 or higher (5.5 recommended)
Netscape Communicator 4.51 or higher (4.76 recommended) |
|
Redhat Linux 6.2 or 7.0 running GNOME
or KDE 2.0 desktop environment |
Netscape Communicator 4.76 |
For additional specifications, see the Cisco PIX Firewall datasheet on the Cisco Web at
http://www.cisco.com/go/pix.
All part descriptions and part numbers for Cisco products can be accessed using the online Cisco Pricing Tool at
http://www.cisco.com/cgi-bin/order/pricing_root.pl
Table 19-17: Cisco PIX 501 Firewall Software Licenses
|
Product Number |
Product Description |
|
PIX-501-SW-10 |
10-user license for PIX 501 |
|
PIX-501-SW-50 |
50-user license for PIX 501 |
|
PIX-501-SW-10-50= |
10-to-50 user upgrade license for PIX 501 |
|
PIX-VPN-DES |
56-bit DES IPSec software license for Cisco PIX 501 Firewall |
|
PIX-501-VPN-3DES |
168-bit 3DES IPSec software license for Cisco PIX 501 Firewall |
The Cisco PIX 506 Firewall is provided in a single, unlimited mode.
Table 19-18: Cisco PIX 506 Firewall Software Licenses
|
Product Number |
Product Description |
|
PIX-VPN-DES |
56-bit DES IPSec software license for Cisco PIX 506 Firewall |
|
PIX-506-SW-3DES |
168-bit 3DES IPSec software license for Cisco PIX 506 Firewall |
Starting with Cisco PIX version 5.1(2) the Cisco PIX 515-R Firewall supports a maximum of three interfaces. Customers must purchase the third interface. This is a free software upgrade for customers with SMARTnet contracts and is available on Cisco.com. Customers who upgrade from an earlier version must obtain a new activation key from licensing@cisco.com. Customers who purchase a new Cisco PIX 515-R Firewall with software version 5.1(2) preinstalled will not be affected. Software version 5.2 or later does not require a new activation key for third-party interface support.
Table 19-19: Cisco PIX 515 Firewall Software Licenses
|
|
Product Number |
Requirements/Comments |
|
Restricted |
PIX-515-SW-R |
Cisco PIX 515 Firewall Restricted software license. Failover is not supported. |
|
Unrestricted |
PIX-515-SW-UR |
Cisco PIX 515 Firewall Unrestricted software license.
Requires PIX-515-MEM-32 to upgrade base chassis from 32 MB to 64 MB |
|
Failover |
PIX-515-FO-SW |
Cisco PIX 515 Firewall Failover software license. |
|
Restricted to Unrestricted |
PIX-515-SW-UPG= |
Cisco PIX 515 Firewall Restricted to Unrestricted software license upgrade. Includes PIX-515-MEM-32 to upgrade base chassis from 32MB to 64MB. |
|
Failover to Restricted |
PIX-515-SW-FO-R |
Cisco PIX 515 Firewall Failover to Restricted software license upgrade. |
|
Failover to Unrestricted |
PIX-515-SW-FO-UR |
Cisco PIX 515 Firewall Failover to Unrestricted software license upgrade. |
|
56-bit DES IPSec |
PIX-VPN-DES |
Zero cost option required to enable DES support. |
|
168-bit 3DES IPSec |
PIX-VPN-3DES |
168-bit 3DES IPSec software license for Cisco PIX Firewall. |
Table 19-20: Cisco PIX 525 Firewall5 Software Licenses
|
|
Product Number |
Requirements/Comments |
|
Restricted |
PIX-525-SW-R |
Cisco PIX 525 Firewall Restricted software license. Failover not supported. |
|
Unrestricted |
PIX-525-SW-UR |
Cisco PIX 525 Firewall Unrestricted software license. |
|
Fail-Over |
PIX-525-FO-SW |
Cisco PIX 525 Firewall Failover software license. |
|
Restricted to Unrestricted |
PIX-525-SW-R-UR |
Cisco PIX 525 Firewall Restricted to Unrestricted software license upgrade. Includes 128 MB RAM. |
|
Fail-Over to Restricted |
PIX-525-SW-FO-R |
Cisco PIX 525 Firewall Failover to Restricted software license upgrade. |
|
Fail-Over to Unrestricted |
PIX-525-SW-FO-UR |
Cisco PIX 525 Firewall Failover to Unrestricted software license upgrade. |
|
56-bit DES IPSec |
PIX-VPN-DES |
Zero cost option required to enable DES support. |
|
168-bit 3DES IPSec |
PIX-VPN-3DES |
168-bit 3DES IPSec software license for PIX Firewall. |
Table 19-21: Cisco PIX 535 Firewall Software Licenses
|
|
Product Number |
Requirements/Comments |
|
Restricted |
PIX-535-SW-R |
Cisco PIX 535 Firewall Restricted software license. Failover not supported. |
|
Unrestricted |
PIX-535-SW-UR |
Cisco PIX 535 Firewall Unrestricted software license. |
|
Fail-Over |
PIX-535-FO-SW |
Cisco PIX 535 Firewall Failover software license. |
|
Restricted to Unrestricted |
PIX-535-SW-R-UR |
Cisco PIX 535 Firewall Restricted to Unrestricted software license upgrade. Includes 512MB RAM. |
|
Fail-Over to Restricted |
PIX-535-SW-FO-R |
Cisco PIX 535 Firewall Failover to Restricted software license upgrade. |
|
Fail-Over to Unrestricted |
PIX-535-SW-FO-UR |
Cisco PIX 535 Firewall Failover to Unrestricted software license upgrade. |
|
56-bit DES IPSec |
PIX-VPN-DES |
Zero cost option required to enable DES support |
|
168-bit 3DES IPSec |
PIX-VPN-3DES |
168-bit 3DES IPSec software license for PIX Firewall. |
Table 19-22: Available Support Contracts for the Cisco PIX Firewall Family
|
Description |
Part Number |
|
PIX SMARTnet maintenance-all versions |
CON-SNT-PIX |
|
PIX SMARTnet maintenance-all versions (two-tier products) |
CON-SNT-PKG12 |
Category: Security and VPN
Get a Fast Quote on this item today!
Back to the top ^
|
