Cisco Integrated Firewall Solutions




Data Sheet

Cisco Integrated Firewall Solutions

Cisco PIX Security Appliances, Cisco IOS Firewall, and the Firewall Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers

Networks are more critical than ever before. They provide a common infrastructure for converged data, voice, and video, and they support the business applications and processes organizations depend on to stay productive and competitive.

Cisco Systems understands the security challenges that organizations face today, and empowers its customers to safely engage in business by providing them with best-in-class security solutions. Instead of only providing point products that set a base level of security, Cisco's philosophy is to embed security throughout the network and integrate security services in all of its products, resulting in greater security and making security a transparent, scalable, and manageable aspect of the business infrastructure.

Cisco PIX security appliances, the Cisco IOS Advanced Security Feature Set, and the security services modules for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers are integrated security solutions that best represent the Cisco security philosophy. Each of these products integrates comprehensive firewall, intrusion protection, and VPN technologies in a cost-effective, single-box format. Customers implementing these integrated solutions benefit from enhanced security, lower cost of ownership, and lower operational costs, all resulting from the increased intelligence sharing of integrated security services in a single platform.

Integrated Firewall Solutions to Meet Every Need

Cisco PIX security appliances, Cisco IOS Firewall, and the Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers are Cisco's flexible integrated firewall solutions. Based on modular, scalable platforms, each offering is designed with a particular feature set, to better secure different network environments. These solutions can be independently deployed to secure specific areas of the network infrastructure, or can be combined for a layered, defense-in-depth approach following the design best practices described in the SAFE Blueprint from Cisco.

Rounding out the integrated firewall solutions, Cisco provides a comprehensive security management product portfolio, ranging from Cisco IOS Software security features and embedded device managers to standalone management applications, helping to ensure that customers can effectively manage their Cisco security infrastructure investments.

All contents are Copyright 1992-2003 All rights reserved. Important Notices and Privacy Statement. Page 1 of 13

Cisco PIX Security Appliances

The world-leading Cisco PIX Security Appliance Series is a family of specialized appliances that provide robust integrated network security services, including stateful inspection firewalling, VPNs, and inline intrusion protection (Figure 1). The Cisco PIX family ranges from compact, plug-and-play desktop firewalls for small and home offices to modular, carrier-class gigabit firewalls for the most demanding enterprise and service-provider environments.

The Cisco PIX security appliance is the ideal solution for customers looking for a best-of-breed firewall, with state-of-the-art application and protocol inspection and complete multimedia and voice support. It is an excellent option for organizations whose security policies mandate the segregation of the security infrastructure, setting a clear demarcation between security and network operation.

Figure 1 Cisco PIX Security Appliance Portfolio
Models shown: Cisco PIX 501, Cisco PIX 506E, Cisco PIX 515E, Cisco PIX 525, Cisco PIX 535
Segments shown: Teleworker/SOHO (1-20 users); Small Branch (20-99 users); Medium Branch (100-999 users); Enterprise Branch (100-999 users); Enterprise Edge; Enterprise HQ; Data Center

Note: Figure 1 provides general guidelines. Network environments should be scaled on application requirements, not solely on the size of the network.

Built upon a hardened, purpose-built operating system that delivers rich security services, Cisco PIX security appliances provide the highest levels of security and have earned many industry evaluations and certifications, including Common Criteria Evaluation Assurance Level (EAL) 4 status, as well as ICSA Labs Firewall and IP Security (IPSec) certification.

The appliances provide advanced security services for multimedia and voice standards, including H.323 versions 2-4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), allowing businesses to securely take advantage of the many benefits that converged data, voice, and video networks deliver.

Administrators can choose from several products that meet their operational requirements for remotely configuring, monitoring, and troubleshooting Cisco PIX security appliances. Administrators can manage Cisco PIX security appliances using a convenient command-line interface (CLI) through numerous methods, including Telnet, Secure Shell (SSH), or out-of-band via a console port. Alternatively, the Cisco PIX Device Manager (PDM) is a Web-based device configuration tool embedded within the appliances that enables users to graphically set up, configure, and monitor their Cisco PIX security appliances without requiring extensive knowledge of the CLI. In addition, several informative, real-time, and historical reports provide critical insight into usage trends, performance baselines, and security events. Secure communication allows efficient management of local or remote Cisco PIX security appliances. Cisco PIX security appliances also include robust auto-update capabilities, a set of revolutionary secure remote-management services that ensure firewall configurations and software images are kept up to date. In addition, Cisco PIX security appliances are supported by several configuration and monitoring tools available from Cisco AVVID (Architecture for Voice, Video and Integrated Data) partners.

Table 1 summarizes the firewall performance of each Cisco PIX Security Appliance model.

Table 1 Cisco PIX Security Appliance Firewall Performance
Model: Firewall Performance
Cisco PIX 501: 60 Mbps
Cisco PIX 506E: 100 Mbps
Cisco PIX 515E: 188 Mbps
Cisco PIX 525: 330 Mbps
Cisco PIX 535: 1.6 Gbps

Cisco IOS Firewall and the Advanced Security Feature Set

Cisco IOS Firewall is the stateful firewall component of the Cisco IOS Advanced Security Feature Set [1], a security-specific option for Cisco IOS Software that integrates state-of-the-art firewall, leading VPN services, and intrusion protection capabilities onto the extensive Cisco IOS feature set (Figure 2). The Cisco IOS Advanced Security Feature Set runs on numerous Cisco IOS routers and represents the best option for customers of small and medium-sized offices looking to leverage their network infrastructures for security, while continuing to take advantage of Cisco IOS capabilities, including quality of service (QoS), multiprotocol, multicast, and advanced routing support. The Advanced IP Services Feature Set combines Cisco's comprehensive voice-over-IP (VoIP) support with advanced security features, integrating data and voice services while maintaining the highest security levels. The Cisco IOS Advanced Feature Set is an ideal solution for small offices and teleworkers because it combines the best security functions with the rich Cisco IOS feature set in a single device, with the widest option of WAN and LAN interfaces.

Figure 2 Cisco IOS Firewall Portfolio
Models shown: Cisco 830, Cisco 1760, Cisco SOHO 90, Cisco 1700, Cisco 2600XM/2691, Cisco 3700, Cisco 7x00
Segments shown: Teleworker/SOHO (1-20 users); Small Branch (20-99 users); Medium Branch (100-999 users); Enterprise Branch (>100 users); Enterprise Edge

Note: Figure 2 provides general guidelines. Network environments should be scaled on application requirements, not solely on the size of the network.

[1] The Cisco Advanced Security Feature Set was introduced in IOS Software release 12.3 as part of a new IOS packaging strategy that simplifies Cisco IOS Software feature sets. Prior to IOS Software release 12.3, Cisco IOS Firewall was bundled in the Cisco IOS Firewall Feature Set. For more details on the new IOS packaging, please visit Cisco's web site at: http://www.cisco.com/warp/public/732/releases/packaging/docs/pb.pdf

The integrated Cisco IOS Firewall uses a sophisticated firewall engine capable of dynamically controlling traffic flows based on application-level intelligence, providing enhanced security for complex applications such as VoIP. Currently supported multimedia and voice protocols are H.323v2, SIP, SCCP, and RTSP.

The Cisco IOS Firewall also incorporates an inline intrusion protection service that provides real-time monitoring, interception, and response to network misuse with 100 common attack and information-gathering intrusion detection signatures. Other security features include destination URL policy management; denial-of-service (DoS) detection and prevention; dynamic port mapping; Java applet blocking; VPN QoS support; real-time alerts; audit trails; policy-based multi-interface support; Network Address Translation (NAT); bidirectional NAT; dual NAT; flexible multiprotocol access lists for IP and non-IP traffic; time-based access lists; peer router authentication; extremely robust authentication, authorization, and accounting (AAA) integrated with authentication proxy; per-user firewalls; and downloadable access lists. Cisco IOS IPSec has earned industry evaluations and certifications such as Common Criteria EAL 4 and ICSA Labs IPSec certification.

The Cisco IOS Firewall can be managed using a convenient CLI through several methods, including Telnet, SSH, or out-of-band via a console port. Alternatively, the Cisco IOS Firewall can be configured and monitored using the Cisco Security Device Manager (SDM), an intuitive and secure Web-based device management tool embedded within the Cisco IOS firewalls. Cisco SDM simplifies device and security configuration through smart wizards to enable customers to quickly and easily deploy, configure, and monitor a Cisco IOS Firewall without requiring extensive knowledge of the Cisco IOS CLI.

In addition, Cisco IOS Firewall incorporates AutoSecure, a feature introduced in Cisco IOS Software Release 12.3 that eliminates the complexity of securing a router by automating the configuration of security features and the removal of insecure features enabled by default. This new Cisco IOS Software feature simplifies the security process, enabling a rapid implementation of security policies and procedures to ensure secure networking services. Cisco IOS Firewall can also be configured and monitored using tools available from Cisco AVVID partners.

Table 2 shows the firewall performance of different Cisco IOS router platforms running Cisco IOS Firewall.

Table 2 Cisco IOS Firewall Performance
Platform: Firewall Performance
Cisco SOHO 90: 10 Mbps
Cisco 830: 10 Mbps
Cisco 1710: 20 Mbps
Cisco 1711: 20 Mbps
Cisco 1712: 20 Mbps
Cisco 1721: 20 Mbps
Cisco 1751: 20 Mbps
Cisco 1760: 20 Mbps
Cisco 2611XM: 50 Mbps
Cisco 2621XM: 50 Mbps
Cisco 2651XM: 55 Mbps
Cisco 2691: 200 Mbps*
Cisco 3725: 200 Mbps*
Cisco 3745: 200 Mbps*
* These numbers do not correspond to NM-1GE or NM-16ESW high-speed Ethernet network modules.

FWSM for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers

The Cisco FWSM is a high-speed, integrated firewall module for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers. The module provides the fastest firewall data rates in the industry: 5 Gbps throughput, 100,000 connections per second (cps), and 1 million concurrent connections. Up to four FWSMs can be installed in the same chassis, providing an unmatched 20 Gbps of firewalling capacity per chassis. The FWSM can also be combined with other Cisco security service modules such as the Intrusion Detection Service Module (IDSM-2), IPSec VPN Service Module (VPNSM), and the Series Network Analysis Module (NAM-1 and NAM-2). This modular approach allows customers to leverage their existing switching and routing infrastructures at a low cost, while obtaining the highest performance available in the industry. The FWSM is an optimal solution for data centers, enterprise headends, and distribution points.

Installed inside a Cisco Catalyst 6500 Series switch or Cisco 7600 Series Internet Router, the FWSM allows any port on the device to operate as a firewall port and integrates stateful firewall security inside the network infrastructure. This becomes especially important where rack space is at a premium. The Cisco Catalyst 6500 emerges as the IP services switch of choice for customers requiring intelligent services such as firewall services, intrusion detection, and VPN, along with multilayer LAN, WAN, and MAN switching capabilities.

Figure 3 FWSM for Catalyst 6500 Series Switches and Cisco 7600 Series Routers

The FWSM is based on Cisco PIX technology and uses the same time-tested Cisco PIX operating system, a secure, real-time operating system. The FWSM offers a unique combination of performance and security on the same platform, using proven Cisco PIX technology for inspecting packets. The Cisco FWSM is also supported by the Cisco PIX Device Manager (PDM) for configuration, monitoring, and troubleshooting. Additionally, the FWSM is supported by Cisco AVVID partners for configuration and monitoring.

When to Deploy Each Cisco Integrated Firewall Solution

Cisco PIX security appliances, the Cisco IOS Firewall, and the FWSM all incorporate leading-edge firewall technologies and have many benefits and features in common; however, each solution has been specifically engineered for specific environments. The following tables show the similarities and differences of these solutions, and provide the general guidelines to help network designers decide when to deploy each solution and how to take maximum advantage of their individual capabilities.

Table 3 Features and Benefits Common to the Cisco PIX Security Appliance, Cisco IOS Firewall, and the Cisco FWSM

Feature: Stateful inspection firewalling
Benefit: Provides robust network and application security by enforcing administrator-defined access control policies while performing deep packet inspection and tracking the state of all network communications.

Feature: Application and protocol inspection
Benefit: Delivers enhanced application and protocol security by using specialized inspection engines capable of examining data streams at Layers 4-.

Table 3 Features and Benefits Common to the Cisco PIX Security Appliance, Cisco IOS Firewall, and the Cisco FWSM (Continued)

Feature: Dynamic, per-user authentication and authorization
Benefit: Provides flexible user authentication and authorization via integration with Cisco Secure Access Control Server (ACS) using RADIUS and TACACS+ protocols, which allows for integration into numerous user databases, including Microsoft Active Directory, Microsoft Windows NT domains, LDAP directories, and one-time password systems.

Feature: Dynamic and static NAT and Port Address Translation (PAT)
Benefit: Provides extensive NAT application and protocol support and protects internal network addresses from the outside, providing an additional level of security.

Feature: Content filtering
Benefit: Improves employee productivity through integration with leading third-party URL filtering solutions; supports URL filtering and blocks malicious Java applets.

Feature: Remote management
Benefit: Offers a wealth of remote-management methods for configuration, monitoring, and troubleshooting. Management solutions range from highly scalable, centralized management tools to integrated, Web-based management, to support for remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog.

Feature: Administrative access control based on AAA
Benefit: Provides granular control for administrative access based on the AAA services provided by the TACACS+ and RADIUS protocols. This allows administrators to enforce access policies to the level of what services and commands are allowed to each admin user or group.

Feature: Multiple DMZ support
Benefit: Supports additional physical or virtual network interfaces that can provide protected access to servers (such as Web, e-mail, FTP, or DNS) on a shared network (DMZ).

Feature: Extensive multimedia support, including streaming video, streaming audio, and voice applications
Benefit: Provides rich stateful inspection firewalling services for a wide range of VoIP standards and other multimedia standards, allowing businesses to securely take advantage of the many benefits that converged data, voice, and video networks provide, such as improved productivity and competitive advantage.

Feature: DoS protection
Benefit: Provides several mechanisms to block and mitigate DoS attacks, such as TCP Intercept, TCP SYN cookies, DNS Guard, Flood Defender, Flood Guard, Mail Guard, and Unicast Reverse Path Forwarding (uRPF).

Feature: Secure dynamic routing
Benefit: Supports Message Digest Algorithm 5 (MD5)-based and plain-text routing authentication for Routing Information Protocol (RIP) and Open Shortest Path First (OSPF), preventing route spoofing and various routing-based DoS attacks.

Table 4 When to Choose Cisco PIX Security Appliances

Customer Requirement: Purpose-built, best-of-breed, all-in-one security appliance
Cisco PIX Security Appliance Benefit: Cisco PIX security appliances provide state-of-the-art integrated network security services, including stateful inspection firewalling, protocol and application inspection, VPNs, inline intrusion protection, and rich multimedia and voice security.

Customer Requirement: Dedicated device for enterprise headends and data centers
Cisco PIX Security Appliance Benefit: Cisco PIX security appliances are security-specialized and run a hardened, embedded operating system, eliminating the common security holes of general purpose operating systems, and providing an unmatched system of overall security.

Table 4 When to Choose Cisco PIX Security Appliances (Continued)

Customer Requirement: Separated security infrastructure
Cisco PIX Security Appliance Benefit: Cisco PIX security appliances can be implemented as dedicated security systems that, providing advanced security features, allow an effective segregation of the security infrastructure from the rest of the network.

Customer Requirement: High availability
Cisco PIX Security Appliance Benefit: Cisco PIX security appliances can be deployed in pairs to provide stateful failover services that help to ensure resilient network protection for the most critical environments. The appliances configured as failover pairs continuously synchronize their connection state and device configuration data, and in the event of a system or network failure, network sessions are automatically transitioned between appliances, with absolute transparency to users.

Table 5 When to Choose Cisco IOS Firewall

Customer Requirement: One-box solution combining powerful security, QoS, multiprotocol routing, integrated WAN interfaces, and voice application support
Cisco IOS Firewall Benefit: The Cisco IOS Advanced Security Feature Set provides a comprehensive, integrated security solution, including stateful packet filtering, intrusion detection and protection, per-user authentication and authorization, VPN capability, extensive QoS mechanisms, multiprotocol routing, voice application support, and integrated WAN interface support in one box.

Customer Requirement: Leverage network infrastructure for security
Cisco IOS Firewall Benefit: The Cisco IOS Firewall can be loaded on existing Cisco IOS routers, providing greater investment protection in the network infrastructure. Reusing the same hardware chassis and components not only reduces the cost of ownership, but also the costs of operation: the same management infrastructure can be used and no additional staff training is required.

Customer Requirement: Extensive VPN support integrated with firewalling in a single device
Cisco IOS Firewall Benefit: Deploying Cisco IOS Firewall with Cisco IOS encryption and QoS VPN features enables secure, low-cost transmissions over public networks. Cisco IOS Firewall provides the most extensive VPN support, including but not limited to Dynamic Multipoint VPN (DMVPN), IPSec stateful failover, Easy VPN Remote, Easy VPN Server, site-to-site VPNs, Advanced Encryption Standard (AES), VPN acceleration cards, Voice and Video-Enabled VPN (V3PN), and VPN QoS.

Table 6 When to Choose Cisco FWSM

Customer Requirement: Large enterprise headends and data centers
Cisco FWSM Benefit: The Cisco FWSM provides the fastest firewall performance in the industry: 5 Gbps throughput, 100,000 connections per second (cps), and 1 million concurrent connections. Up to four FWSMs can be deployed in the same chassis for a total of 20 Gbps of throughput. A single FWSM can support up to 2000 virtual interfaces (256 per context), and a single chassis can scale up to a maximum of 4096 VLANs.

Customer Requirement: Leverage network and switching infrastructure at the headend or data center
Cisco FWSM Benefit: The FWSM can be deployed in existing Cisco Catalyst 6500 Series switches or Cisco 7600 Series routers, providing greater investment protection.

Table 6 When to Choose Cisco FWSM (Continued)

Customer Requirement: Firewall virtualization
Cisco FWSM Benefit: A single FWSM can be partitioned into multiple virtual firewalls (security contexts). Up to 256 security contexts can be defined per module. This allows service providers and large enterprises to segregate different customers or functional areas over the same physical infrastructure. Virtual firewall support will be introduced with the Cisco FWSM 2.1 in Q4 CY2003.

Customer Requirement: High availability
Cisco FWSM Benefit: The FWSM can be deployed in pairs to provide intra- or interchassis stateful failover services that ensure resilient network protection for the most critical environments. Modules configured in failover mode continuously synchronize their connection state and device configuration data, and in the event of failure, modules fail over with absolute transparency to users.

Figure 4 illustrates how Cisco integrated firewall solutions can be deployed together to secure an enterprise network.

Figure 4 How Cisco Integrated Security Solutions Secure Your Enterprise Network
Diagram labels: SOHO; Cisco PIX Security Appliance; Cisco IOS Firewall; WAN/QoS; Headquarters; Branch Office with Cisco PIX Security Appliance; Perimeter Router; V3PN/Multi-protocol; Cisco FWSM or Cisco PIX Security Appliance; Branch Office with Cisco IOS Firewall

Cisco Security Management Solutions

In addition to the embedded device managers on the Cisco Firewall Solutions, Cisco provides standalone security management applications for customers looking to manage beyond the 1-5 devices that the embedded managers are designed for.

For customers looking for comprehensive security management, policy administration, monitoring, and analysis for Cisco Firewall Solutions, Cisco provides the CiscoWorks VPN/Security Management Solution (VMS). CiscoWorks VMS is an integral part of the SAFE Blueprint for enterprise network security, and protects the productivity of organizations by combining Web-based tools for configuring, monitoring, and troubleshooting VPNs, firewalls, and network- and host-based intrusion detection systems (IDSs). CiscoWorks VMS delivers VPN configuration management, firewall management, surveillance, device inventory, and software version management features from a single management console.

For customers looking to offer firewall managed services built on Cisco firewall solutions, Cisco offers the Cisco IP Solution Center (ISC). Cisco ISC implements a business-centric, policy-level management model that allows customers to define high-level security policies, while the application of those policies to specific network devices is offloaded to the Cisco ISC software. The Cisco ISC Security Management Module provides full support for the provisioning and management of LAN-to-LAN VPN, remote-access VPN, EZ VPN, DMVPN, firewall, NAT, and QoS technologies for numerous Cisco security devices (Cisco IOS Firewall, Cisco PIX Security Appliance, and Cisco VPN 3000 Series Concentrator, for example).

Cisco also offers the CiscoWorks Security Information Management Solution (SIMS). With CiscoWorks SIMS, customers can manage a growing multivendor security infrastructure without increasing the size of existing security staff. CiscoWorks SIMS lets customers normalize, aggregate, correlate, and visualize the thousands of security alerts received every day from security devices and applications. CiscoWorks SIMS is available for ordering as a software-only option that provides the flexibility to implement a multitier server architecture that is suitable for larger deployments; and as an appliance option, which consists of the CiscoWorks SIMS pre-installed on the Cisco 1160 hardware solution platform.

Product Ordering Information

Table 7 lists the product numbers for Cisco PIX security appliances, Cisco IOS routers, and the FWSM for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers.

Table 7 Product Ordering Information
Product Number: Description
PIX-501-BUN-K9: Cisco PIX 501 10-user bundle (chassis, latest Cisco PIX software, 10-user and Triple Data Encryption Standard [3DES] licenses, integrated 4-port 10/100 switch and 10/100 port)
PIX-501-50-BUN-K9: Cisco PIX 501 50-user bundle (chassis, latest Cisco PIX software, 50-user and 3DES licenses, integrated 4-port 10/100 switch and 10/100 port)
PIX-501-UL-BUN-K9: Cisco PIX 501 unlimited user bundle (chassis, latest Cisco PIX software, unlimited user and 3DES licenses, integrated 4-port 10/100 switch and 10/100 port)
PIX-501: Cisco PIX 501 chassis, software, 10-user license, integrated 4-port 10/100 switch and 10/100 port
PIX-501-SW-10: 10-user license for Cisco PIX 501
PIX-501-SW-50: 50-user license for Cisco PIX 501
PIX-501-SW-UL: Unlimited user license for Cisco PIX 501
PIX-506E: Cisco PIX 506E chassis, software, two 10/100 ports

Table 7 Product Ordering Information (Continued) Product Number PIX-506E-BUN-K9 PIX-515E PIX-515E-DC PIX-515E-R-BUN PIX-515E-R-DMZ-BUN PIX-515E-UR-BUN PIX-515E-UR-FE-BUN PIX-515E-FO-BUN Description Cisco PIX 506E 3DES/AES bundle (chassis, software, two 10/100 ports, 3DES/AES license) Cisco PIX 515E chassis only Cisco PIX 515E DC chassis only Cisco PIX 515E restricted bundle (chassis, restricted software, two 10/100 ports, 32 MB RAM) Cisco PIX 515E DMZ bundle (chassis, restricted software, three 10/100 ports, 32 MB RAM) Cisco PIX 515E unrestricted bundle (chassis, unrestricted software, two 10/100 ports, 64 MB RAM, VAC or VAC+) Cisco PIX 515E unrestricted 6-port Fast Ethernet bundle (chassis, unrestricted software, six 10/100 ports, 64 MB RAM, VAC or VAC+) Cisco PIX 515E failover bundle (chassis, failover software, two 10/100 ports, 64 MB RAM, VAC or VAC+) PIX-515E-FO-FE-BUN Cisco PIX 515E failover 6-port Fast Ethernet bundle (chassis, failover software, six 10/100 ports, VAC or VAC+) PIX-515E-DC-R-BUN PIX-515E-DC-UR-BUN PIX-515E-DC-FO-BUN PIX-515E-HW PIX-525 PIX-525-DC PIX-525-R-BUN PIX-525-UR-BUN PIX-525-UR-GE-BUN PIX-525-FO-BUN PIX-525-FO-GE-BUN PIX-535 PIX-535-R-BUN Cisco PIX 515E DC restricted bundle (chassis, restricted software, two 10/100 ports, 32 MB RAM) Cisco PIX 515E DC unrestricted bundle (chassis, unrestricted software, two 10/100 ports, 64 MB RAM, VAC or VAC+) Cisco PIX 515E DC failover bundle (chassis, failover software, two 10/100 ports, 64 MB RAM, VAC or VAC+) Cisco PIX 515E rack mount kit, console cable, failover serial cable Cisco PIX 525 chassis only Cisco PIX 525 DC chassis only Cisco PIX 525 restricted bundle (chassis, restricted software, two 10/100 ports, 128 MB RAM) Cisco PIX 525 unrestricted bundle (chassis, unrestricted software, two 10/100 ports, 256 MB RAM, VAC or VAC+) Cisco PIX 525 unrestricted 2 Gigabit Ethernet + 2 Fast Ethernet bundle (chassis, unrestricted software, 2 Gigabit Ethernet + 2 10/100 ports, 256 MB RAM, VAC or VAC+) 
Cisco PIX 525 failover bundle (chassis, failover software, two 10/100 ports, 256 MB RAM, VAC or VAC+) Cisco PIX 525 failover 2 Gigabit Ethernet + 2 Fast Ethernet bundle (chassis, failover software, 2 Gigabit Ethernet + 2 10/100 ports, VAC or VAC+) Cisco PIX 535 chassis only Cisco PIX 535 restricted bundle (chassis, restricted software, two 10/100 ports, 512 MB RAM) All contents are Copyright 1992 2003 All rights reserved. Important Notices and Privacy Statement. Page 10 of 13

Table 7 Product Ordering Information (Continued) Product Number PIX-535-UR-BUN PIX-535-FO-BUN PIX-535-HW CISCOSOHO91-K9 CISCOSOHO96-K9 CISCOSOHO97-K9 CISCO831-K9 CISCO836-K9 CISCO837-K9 CISCO1710-VPN-M/K9 CISCO1711-VPN/K9 CISCO1712-VPN/K9 CISCO1721-VPN/K9 CISCO1751-VPN/K9 CISCO1760-VPN/K9 CISCO1760-V3PN/K9 C2611XM-2FE/VPN/K9 C2621XM-2FE/VPN/K9 C2651XM-2FE/VPN/K9 C2691-VPN/K9 C3725-VPN/K9 C3745-VPN/K9 NM-CIDS-K9 NM-CE-20G Description Cisco PIX 535 unrestricted bundle (chassis, unrestricted software, two 10/100 ports, 1 GB RAM, VAC or VAC+) Cisco PIX 535 failover bundle (chassis, failover software, two 10/100 ports, 1 GB RAM, VAC or VAC+) Cisco PIX 535 rack mount kit, console cable, failover serial cable Cisco SOHO 91 Ethernet Router Cisco SOHO 96 ADSL over ISDN Router Cisco SOHO 97 ADSL Router Cisco 831 Ethernet Router Cisco 836 ADSL over ISDN Router Cisco 837 ADSL Router Dual-Ethernet Security Router VPN/FW/IDS 16 MB Flash/64 MB DRAM Security access router with integrated 4-port switch, 10/100BASE-TX for WAN and analog modem backup Security access router with integrated 4-port switch, 10/100BASE-TX for WAN and ISDN S/T backup Cisco 1721 VPN bundle with VPN module, 64 MB DRAM, IP Plus/FW/3DES Cisco 1751 VPN bundle with VPN module, 64 MB DRAM, IP Plus/FW/3DES Cisco 1760 VPN bundle with VPN module, 64 MB DRAM, IP Plus/FW/3DES Cisco 1760 VPN bundle with VPN module, 96 MB DRAM, IP Plus/VOX/FW/3DES Cisco 2611XM/VPN bundle, AIM-VPN/BPII/2FE/IOS FW/IPSec 3DES, 128 MB DRAM Cisco 2621XM/VPN bundle, AIM-VPN/BPII/2FE/IOS FW/IPSec 3DES, 128 MB DRAM Cisco 2651XM/VPN bundle, AIM-VPN/BPII/2FE/IOS FW/IPSec 3DES, 128 MB DRAM Cisco 2691 VPN bundle, AIM-VPN/EPII, plus FW/IPSEC 3DES, 128 MB DRAM Cisco 3725 VPN bundle, AIM-VPN/EPII, plus IOS FW/IPSEC 3DES, 128 MB DRAM Cisco 3745 VPN bundle, AIM-VPN/HPII, plus IOS FW/IPSEC 3DES, 128 MB DRAM Cisco Intrusion Detection System Network Module for access routers Cisco Content Engine Network Module with Firewall URL Filtering for access routers 
WS-SVC-FWM-1-K9 FWSM for Cisco Catalyst 6500 WS-SVC-FWM-1-K9 FWSM for Cisco Catalyst 6500 (spare) SC-SVC-FWM-1.2-K9 Firewall Module Software for Cisco Catalyst 6500 SC-SVC-FWM-1.2-K9 Firewall Module Software for Cisco Catalyst 6500 (spare) All contents are Copyright 1992 2003 All rights reserved. Important Notices and Privacy Statement. Page 11 of 13

All part descriptions, part numbers, and prices of Cisco products can be accessed using the online Cisco Pricing Tool at: http://www.cisco.com/cgi-bin/front.x/pricing

The Cisco Pricing Tool requires a user name and password. If you are not already registered, go to: http://www.cisco.com/register

Follow the instructions. After you have registered, you may access the Cisco Pricing Tool.

Additional Information

For more information, please visit the following links.

Cisco PIX Security Appliance Series: http://www.cisco.com/go/pix
Cisco IOS Firewall: http://www.cisco.com/warp/public/cc/pd/iosw/ioft/iofwft/index.shtml
Cisco Firewall Services Module: http://www.cisco.com/en/us/products/hw/modules/ps2706/ps4452/index.html
Cisco PIX Device Manager: http://www.cisco.com/en/us/products/sw/netmgtsw/ps2032/index.html
Cisco Security Device Manager: http://www.cisco.com/en/us/products/sw/secursw/ps5318/index.html
CiscoWorks VMS: http://www.cisco.com/en/us/products/sw/cscowork/ps2330/index.html
Cisco ISC: http://www.cisco.com/en/us/products/sw/netmgtsw/ps4748/index.html
CiscoWorks SIMS: http://www.cisco.com/en/us/products/sw/cscowork/ps5209/index.html
SAFE Blueprint from Cisco: http://www.cisco.com/go/safe

Corporate Headquarters
170 West Tasman Drive, San Jose, CA 95134-1706, USA
www.cisco.com
Tel: 408 526-4000, 800 553-NETS (6387)
Fax: 408 526-4100

European Headquarters
Cisco Systems International BV, Haarlerbergpark, Haarlerbergweg 13-19, 1101 CH Amsterdam, The Netherlands
www-europe.cisco.com
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100

Americas Headquarters
170 West Tasman Drive, San Jose, CA 95134-1706, USA
www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883

Asia Pacific Headquarters
Capital Tower, 168 Robinson Road #22-01 to #29-01, Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices

Argentina; Australia; Austria; Belgium; Brazil; Bulgaria; Canada; Chile; China PRC; Colombia; Costa Rica; Croatia; Czech Republic; Denmark; Dubai, UAE; Finland; France; Germany; Greece; Hong Kong SAR; Hungary; India; Indonesia; Ireland; Israel; Italy; Japan; Korea; Luxembourg; Malaysia; Mexico; The Netherlands; New Zealand; Norway; Peru; Philippines; Poland; Portugal; Puerto Rico; Romania; Russia; Saudi Arabia; Scotland; Singapore; Slovakia; Slovenia; South Africa; Spain; Sweden; Switzerland; Taiwan; Thailand; Turkey; Ukraine; United Kingdom; United States; Venezuela; Vietnam; Zimbabwe

All contents are Copyright 1992-2003 Cisco Systems, Inc. All rights reserved. Cisco, Cisco Systems, the Cisco Systems logo, Catalyst, Cisco IOS, and PIX are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0304R) ETMG 203149 RD 11.03