Introduction to the Cisco Security Appliance Family
PIX Security Appliance models

The PIX Security Appliance 500 series feature set includes stateful inspection firewalling, advanced application and protocol inspection, site-to-site and remote access virtual private networking (VPN), intrusion detection and prevention, and robust multimedia and voice security. The features that are available vary by model.

PIX 501 Security Appliance
The PIX 501 Security Appliance delivers enterprise-class security for small offices and teleworkers . The PIX 501 is ideal for securing high-speed, always on, broadband environments.

The PIX 501 Security Appliance provides a convenient way for multiple computers to share a single broadband connection. In addition to the RJ-45 9600 baud console port and the integrated 10/100BASE-T port for the outside interface, it features an integrated auto-sensing, auto-medium-dependent interface crossover(MDIX) four-port 10/100 switch for the inside interface. Auto-MDIX support eliminates the need to use crossover cables with devices connected to the switch.

The PIX 501 Security Appliance can also secure all network communications from remote offices to corporate networks across the Internet using its standards-based Internet Key Exchange (IKE)/IPSec VPN capabilities. The PIX 501 can act as a Dynamic Host Configuration Protocol (DHCP) to automatically assign network addresses to the computers when they are powered on.

With PIX 501 Security Appliance Software Release 6.3, there are several product licensing options available. Each user license supports a maximum number of concurrent source IP addresses from the internal network to traverse through the PIX 501. 10-user, 50-user, or unlimited user licenses are available.

For VPN encryption, there are two options, Data Encryption Standard (DES), which supports 56-bit DES encryption, or Triple-DES (3DES), which supports both 168-bit 3DES and up to 256-bit Advanced Encryption Standard (AES) encryption.

PIX 506E Security Appliance
The Cisco PIX 506E Security Appliance delivers enterprise-class security for remote office, branch office, and small-to-medium business (SMB) networks . The PIX 506E supports two 10/100 Fast Ethernet interfaces and two 802.1q-based virtual interfaces.

The PIX 506E Security Appliance license is provided in a single, unlimited user license. There are two VPN encryption options, DES which supports 56-bit DES encryption or 3DES which supports both 168-bit 3DES and up to 256-bit AES encryption.

PIX 515E Security Appliance
The Cisco PIX 515E Security Appliance delivers enterprise-class security for small-to-medium business and enterprise networks. The chassis is one-rack unit (1RU) in size. The PIX 515E supports up to six 10/100 Ethernet ports . With the restricted license, it supports three interfaces and ten VLANs. With the unrestricted license (UR), it supports six interfaces, 25 VLANs, and five security contexts.

This model also features integrated hardware-based IPSec acceleration, delivering VPN performance of up to 130 Mbps while freeing system resources for other security functions. IPSec acceleration is provided by an integrated PIX Firewall VPN Accelerator Plus card (VAC+), or the PIX Security Appliance VAC. There is more information on the VAC and VAC+ cards later in this lesson.

The PIX 515E Security Appliance comes with 16 MB of Flash memory and uses TFTP for image download and upgrade.

PIX 525 Security Appliance
The PIX 525 Security Appliance delivers enterprise-class security for medium-to-large enterprise networks . The modular two-rack unit (2RU) design incorporates two 10/100 Fast Ethernet interfaces and supports a combination of additional 10/100 Fast Ethernet interfaces or Gigabit Ethernet interfaces. With the restricted license, it supports up to six interfaces and 25 VLANS. With the UR license, it supports up to ten interfaces, 100 VLANs, and 50 security contexts.

The PIX 525 Security Appliance also offers multiple power supply options. Either AC or a 48 DC power supply is available. Either option can be paired with a second power supply for redundancy and high availability.

PIX 535 Security Appliance
The PIX 535 Security Appliance delivers enterprise-class security for large enterprise and service provider networks . The modular three-rack unit (3RU) design supports a combination of up to 10/100 Fast Ethernet interfaces or Gigabit Ethernet interfaces, integrated VPN accelerator card, as well as redundant power supplies. With the restricted license, it supports up to eight interfaces and 50 VLANs. With the UR license, it supports up to fourteen interfaces, 200 VLANs, and 100 security contexts.

The PIX 535 Security Appliance has a throughput of 1.7 Gbps with the ability to handle up to 500,000 concurrent connections and 5,000 IPSec tunnels. The PIX 535 comes with 16 MB of Flash memory.

NOTE:

If, after configuring a PIX Security Appliance for Gigabit Ethernet cards, if the cards are replaced with 10/100 Ethernet cards, the order of the cards in the configuration changes from what was originally configured. For example, if a Gigabit Ethernet card is configured as ethernet0 and assigned to the inside interface, this card may no longer appear as ethernet0 if it is replaced with a 10/100 Ethernet card.


Interactive Media Activity

PhotoZoom: PIX 501 Security Appliance

In this PhotoZoom, students will view a PIX 501 Security Appliance.

Interactive Media Activity

PhotoZoom: PIX 506E Security Appliance

In this PhotoZoom, students will view a PIX 506E Security Appliance.

Interactive Media Activity

PhotoZoom: PIX 515E Security Appliance

In this PhotoZoom, students will view a PIX 515E Security Appliance.

Interactive Media Activity

PhotoZoom: PIX 525 Security Appliance

In this PhotoZoom, students will view a PIX 525 Security Appliance.

Interactive Media Activity

PhotoZoom: PIX 535 Security Appliance

In this PhotoZoom, students will view a PIX 535 Security Appliance.

Web Links