The PIX Security Appliance 500 series feature set includes stateful
inspection firewalling, advanced application and protocol inspection,
site-to-site and remote access virtual private networking (VPN), intrusion
detection and prevention, and robust multimedia and voice security. The
features that are available vary by model.
PIX 501 Security Appliance
The PIX 501 Security Appliance
delivers enterprise-class security for small offices and teleworkers
. The PIX 501 is
ideal for securing high-speed, always on, broadband environments.
The
PIX 501 Security Appliance provides a convenient way for multiple computers to
share a single broadband connection. In addition to the RJ-45 9600 baud console
port and the integrated 10/100BASE-T port for the outside interface, it
features an integrated auto-sensing, auto-medium-dependent interface
crossover(MDIX) four-port 10/100 switch for the inside interface. Auto-MDIX
support eliminates the need to use crossover cables with devices connected to
the switch.
The PIX 501 Security Appliance can also secure all network
communications from remote offices to corporate networks across the Internet
using its standards-based Internet Key Exchange (IKE)/IPSec VPN capabilities.
The PIX 501 can act as a Dynamic Host Configuration Protocol (DHCP) to
automatically assign network addresses to the computers when they are powered
on.
With PIX 501 Security Appliance Software Release 6.3, there are
several product licensing options available. Each user license supports a
maximum number of concurrent source IP addresses from the internal network to
traverse through the PIX 501. 10-user, 50-user, or unlimited user licenses are
available.
For VPN encryption, there are two options, Data Encryption
Standard (DES), which supports 56-bit DES encryption, or Triple-DES (3DES),
which supports both 168-bit 3DES and up to 256-bit Advanced Encryption Standard
(AES) encryption.
PIX 506E Security Appliance
The Cisco PIX
506E Security Appliance delivers enterprise-class security for remote office,
branch office, and small-to-medium business (SMB) networks
. The PIX
506E supports two 10/100 Fast Ethernet interfaces and two 802.1q-based virtual
interfaces.
The PIX 506E Security Appliance license is provided in a
single, unlimited user license. There are two VPN encryption options, DES which
supports 56-bit DES encryption or 3DES which supports both 168-bit 3DES and up
to 256-bit AES encryption.
PIX 515E Security Appliance
The Cisco PIX 515E Security Appliance
delivers enterprise-class security for small-to-medium business and enterprise
networks. The chassis is one-rack unit (1RU) in size. The PIX 515E supports up
to six 10/100 Ethernet ports
. With the
restricted license, it supports three interfaces and ten VLANs. With the
unrestricted license (UR), it supports six interfaces, 25 VLANs, and five
security contexts.
This model also features integrated hardware-based
IPSec acceleration, delivering VPN performance of up to 130 Mbps while freeing
system resources for other security functions. IPSec acceleration is provided
by an integrated PIX Firewall VPN Accelerator Plus card (VAC+), or the PIX
Security Appliance VAC. There is more information on the VAC and VAC+ cards
later in this lesson.
The PIX 515E Security Appliance comes with 16 MB of
Flash memory and uses TFTP for image download and upgrade.
PIX 525
Security Appliance
The PIX 525 Security Appliance delivers
enterprise-class security for medium-to-large enterprise networks
. The modular
two-rack unit (2RU) design incorporates two 10/100 Fast Ethernet interfaces and
supports a combination of additional 10/100 Fast Ethernet interfaces or Gigabit
Ethernet interfaces. With the restricted license, it supports up to six
interfaces and 25 VLANS. With the UR license, it supports up to ten interfaces,
100 VLANs, and 50 security contexts.
The PIX 525 Security Appliance also
offers multiple power supply options. Either AC or a 48 DC power supply is
available. Either option can be paired with a second power supply for
redundancy and high availability.
PIX 535 Security
Appliance
The PIX 535 Security Appliance delivers enterprise-class
security for large enterprise and service provider networks
. The modular
three-rack unit (3RU) design supports a combination of up to 10/100 Fast
Ethernet interfaces or Gigabit Ethernet interfaces, integrated VPN accelerator
card, as well as redundant power supplies. With the restricted license, it
supports up to eight interfaces and 50 VLANs. With the UR license, it supports
up to fourteen interfaces, 200 VLANs, and 100 security contexts.
The PIX
535 Security Appliance has a throughput of 1.7 Gbps with the ability to handle
up to 500,000 concurrent connections and 5,000 IPSec tunnels. The PIX 535 comes
with 16 MB of Flash memory.
 |
NOTE:
If, after configuring a PIX Security Appliance for Gigabit Ethernet
cards, if the cards are replaced with 10/100 Ethernet cards, the order of the
cards in the configuration changes from what was originally configured. For
example, if a Gigabit Ethernet card is configured as ethernet0 and assigned to
the inside interface, this card may no longer appear as ethernet0 if it is
replaced with a 10/100 Ethernet card.
|