Cisco Secure PIX Firewall Series

Product Overview

The Cisco Secure PIX Firewall series delivers strong security in an easy-to-install, integrated hardware/software appliance that offers outstanding performance. The series allows you to rigorously protect your internal network from the outside world, providing full firewall security protection. Unlike typical CPU-intensive full-time proxy servers that perform extensive processing on each data packet at the application level, Cisco Secure PIX Firewalls use a non-UNIX, secure, real-time, embedded system.

The Cisco Secure PIX Firewalls deliver superior performance of up to 250,000 simultaneous connections, over 6,500 connections per second, and nearly 170 megabits per second (Mbps) throughput. This level of performance is dramatically greater than that delivered by other appliance-like firewalls or those based on general-purpose operating systems.

Figure 22-1: Cisco Secure PIX Firewall 520 Front View (figure not reproduced)

Figure 22-2: Cisco Secure PIX Firewall 520 Rear View (figure not reproduced)

Visit Cisco Connection Online at www.cisco.com
Figure 22-3: Cisco Secure PIX Firewall 515 Front View (figure not reproduced; front-panel indicators: POWER, ACT, NETWORK)

Figure 22-4: Cisco Secure PIX Firewall 515 Rear View (figure not reproduced; rear-panel labels: 10/100 ETHERNET 0, 10/100 ETHERNET 1, CONSOLE; chassis warning: DO NOT INSTALL INTERFACE CARDS WITH POWER APPLIED)

Key Features and Benefits

Non-UNIX, secure, real-time, embedded system
This design eliminates the risks associated with a general-purpose operating system and allows the Cisco Secure PIX Firewall series to deliver outstanding performance, up to 250,000 simultaneous connections, dramatically greater than any UNIX-based firewall, without affecting end-user performance.

Less complex and more robust than packet filtering; higher performance and more scalable than application proxy firewalls
The heart of the PIX Firewall series is the adaptive security algorithm (ASA), which maintains the secure perimeters between the networks controlled by the firewall. The stateful, connection-oriented ASA design creates session flows based on source and destination addresses, TCP sequence numbers (which are non-predictable), port numbers, and additional TCP flags. All inbound and outbound traffic is controlled by applying security policy to connection table entries.

User authentication and authorization with cut-through proxy
The Cisco Secure PIX Firewall series gains a further dramatic performance advantage through its patented method of transparently verifying the identity of users at the firewall and permitting or denying access to any TCP- or UDP-based application. This method eliminates the price/performance impact UNIX-based firewalls impose in similar configurations, and leverages the authentication and authorization services of CiscoSecure Access Control Server. For more information on CiscoSecure Access Control Server, available for both Windows NT and UNIX (Solaris), see the chapter CiscoSecure Access Control Server Software.
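The connection-table behaviour described above, as an added Python illustration that is not part of the catalog and not Cisco's code. Outbound traffic from the inside creates a session entry keyed on addresses, ports and protocol; an inbound packet is permitted only when it matches an existing entry (for TCP, its acknowledgement must also fall inside the expected sequence window, which the firewall has shifted by a per-flow random offset so the inside host's sequence numbers are not predictable from outside) or an explicitly opened inbound rule, called a conduit here after the page's own term. The class and function names, the ACK_WINDOW tolerance and the sample addresses are all invented for the example.

```python
"""Toy stateful connection table in the spirit of the adaptive security
algorithm (ASA) sketched above. Added illustration, not Cisco code; every
name, constant and address below is an assumption made for the example."""
import ipaddress
import secrets
from dataclasses import dataclass, replace
from typing import Optional

MOD32 = 1 << 32
ACK_WINDOW = 65535  # assumed tolerance for acknowledgement numbers, in bytes


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()  # e.g. frozenset({"SYN", "ACK"})
    seq: int = 0
    ack: int = 0
    length: int = 0  # payload bytes carried


@dataclass
class Flow:
    delta: int  # random offset added to the inside host's sequence numbers
    inside_next: Optional[int] = None  # next (translated) seq expected from inside


class StatefulFirewall:
    def __init__(self, inside_nets, conduits=(), rng=secrets.randbelow):
        self.inside = [ipaddress.ip_network(n) for n in inside_nets]
        self.conduits = set(conduits)  # (inside_ip, port, proto) triples opened inbound
        self.rng = rng  # injectable so a test can pin the random offset
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port, proto) -> Flow

    def _is_inside(self, ip):
        return any(ipaddress.ip_address(ip) in net for net in self.inside)

    def process(self, pkt):
        """Return ("permit", translated_packet) or ("deny", reason)."""
        if self._is_inside(pkt.src) and not self._is_inside(pkt.dst):
            return self._outbound(pkt)
        if self._is_inside(pkt.dst) and not self._is_inside(pkt.src):
            return self._inbound(pkt)
        return "deny", "packet does not cross the perimeter"

    def _new_flow(self, key, proto):
        self.table[key] = Flow(delta=self.rng(MOD32) if proto == "tcp" else 0)
        return self.table[key]

    def _outbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        flow = self.table.get(key)
        if flow is None:
            # Only a fresh SYN may open a TCP session from the inside.
            if pkt.proto == "tcp" and pkt.flags != frozenset({"SYN"}):
                return "deny", "outbound TCP packet without a session and not a SYN"
            flow = self._new_flow(key, pkt.proto)
        if pkt.proto != "tcp":
            return "permit", pkt
        seq_t = (pkt.seq + flow.delta) % MOD32
        # SYN and FIN each consume one sequence number, like payload bytes.
        flow.inside_next = (seq_t + pkt.length + ("SYN" in pkt.flags) + ("FIN" in pkt.flags)) % MOD32
        if "RST" in pkt.flags:
            del self.table[key]
        return "permit", replace(pkt, seq=seq_t)

    def _inbound(self, pkt):
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        flow = self.table.get(key)
        if flow is None:
            if (pkt.dst, pkt.dport, pkt.proto) not in self.conduits:
                return "deny", "no session entry and no conduit"
            if pkt.proto == "tcp" and pkt.flags != frozenset({"SYN"}):
                return "deny", "conduit admits only a new connection (SYN)"
            self._new_flow(key, pkt.proto)
            return "permit", pkt
        if pkt.proto != "tcp":
            return "permit", pkt
        if flow.inside_next is not None and "ACK" in pkt.flags:
            # The peer must acknowledge data the inside host actually sent,
            # measured in the translated sequence space.
            if (flow.inside_next - pkt.ack) % MOD32 > ACK_WINDOW:
                return "deny", "acknowledgement outside the expected sequence window"
        if "RST" in pkt.flags:
            del self.table[key]
        return "permit", replace(pkt, ack=(pkt.ack - flow.delta) % MOD32)


if __name__ == "__main__":
    # Constructed sample traffic: inside 10.0.0.0/8, one web server opened by conduit.
    fw = StatefulFirewall(["10.0.0.0/8"], conduits={("10.1.1.80", 80, "tcp")})
    print(fw.process(Packet("10.1.1.5", 40000, "203.0.113.10", 80, flags=frozenset({"SYN"}), seq=1000)))
    print(fw.process(Packet("198.51.100.7", 5555, "10.1.1.5", 22, flags=frozenset({"SYN"}))))
    print(fw.process(Packet("198.51.100.7", 5555, "10.1.1.80", 80, flags=frozenset({"SYN"}), seq=77)))
```

The sequence check is deliberately one-sided: it only validates what the outside peer acknowledges, which is enough to show why an unsolicited inbound packet, or one that guesses the inside host's original sequence number, does not match an entry. A real implementation also tracks the peer's own sequence space, windows, and timeouts for idle entries.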
Centralized configuration and management with the PIX Firewall Manager
This Java-based graphical user interface (GUI) configuration tool lets the administrator use a Web browser to retrieve, edit, and centrally manage security policies. Separate tabs provide access to configuration information common to all PIX Firewalls being managed and to built-in reports for user-based accounting of web sites visited and volume of files transferred. The PIX Firewall Manager can automatically provide real-time alerts of any attempted firewall breaches through e-mail or pager notification.

Platform extensibility
To provide platform extensibility without sacrificing the benefits of an embedded system, the PIX Firewall series includes two hardware platforms, the PIX Firewall 515 and 520, which support a broad range of network interface cards (NICs). Standard NICs include single- or four-port 10/100 Ethernet cards, 4/16 Token Ring cards, and dual-attached multimode FDDI cards. FDDI cards and four-port Ethernet cards are supported in PIX beginning with version 4.4.

Cisco Product Catalog, May, 2001

Failover/hot standby upgrade option
The PIX Firewall failover option ensures high availability and eliminates a single point of failure. With two PIX Firewalls running in parallel, if one malfunctions, the second PIX Firewall transparently maintains security operations.

Synchronized configurations for effective recovery from hardware failure
A simplified TFTP boot function allows consistent synchronization of multiple device configurations.

Specifications

Hardware

Table 22-21: Technical Specifications for Cisco Secure PIX Firewall

Description            PIX Firewall 515-R         PIX Firewall 515-UR        PIX Firewall 520           PIX Firewall 520-DC
Hardware Case          19-in. rack-mountable      19-in. rack-mountable      19-in. rack-mountable      19-in. rack-mountable
                       (rack-mount hardware       (rack-mount hardware       (rack-mount hardware       (rack-mount hardware
                       included)                  included)                  included)                  included)
Random Access Memory   32 MB                      64 MB                      128 MB                     128 MB
Console Port           RJ-45                      RJ-45                      DB-9 EIA/TIA-232           DB-9 EIA/TIA-232
Boot/Update Device     TFTP only                  TFTP only                  3.5-in. floppy disk drive  3.5-in. floppy disk drive
Failover Port (1)      DB-25 EIA/TIA-232          DB-25 EIA/TIA-232          DB-25 EIA/TIA-232          DB-25 EIA/TIA-232

(1) Failover requires a special Cisco cable.

Table 22-22: Power Requirements for Cisco Secure PIX Firewall

Description            PIX Firewall 515-R         PIX Firewall 515-UR        PIX Firewall 520           PIX Firewall 520-DC
Autoswitching          100-240 VAC                100-240 VAC                100-240 VAC                -48 VDC
Frequency              50-60 Hz                   50-60 Hz                   50-60 Hz
Current                1.5-0.75 Amps              1.5-0.75 Amps              4-2 Amps                   4 Amps

Table 22-23: Physical and Environmental Specifications for Cisco Secure PIX Firewall

Description                  PIX Firewall 515-R           PIX Firewall 515-UR          PIX Firewall 520             PIX Firewall 520-DC
Dimensions (H x W x D)       1.72 x 16.82 x 11.8 in.      1.72 x 16.82 x 11.8 in.      5.21 x 16.82 x 17.5 in.      5.21 x 16.82 x 17.5 in.
                             (4.4 x 42.7 x 29.9 cm)       (4.4 x 42.7 x 29.9 cm)       (13.2 x 42.7 x 44.5 cm)      (13.2 x 42.7 x 44.5 cm)
Weight                       11 lb. (4.9 kg)              11 lb. (4.9 kg)              21 lb. (9.5 kg)              21 lb. (9.5 kg)
Operating Temperature        -25 to 113 F (-5 to +45 C)   -25 to 113 F (-5 to +45 C)   -25 to 113 F (-5 to +45 C)   -25 to 113 F (-5 to +45 C)
Storage Temperature          -77 to 158 F (-25 to +70 C)  -77 to 158 F (-25 to +70 C)  -77 to 158 F (-25 to +70 C)  -77 to 158 F (-25 to +70 C)
Operational Humidity         95% relative humidity (RH)   95% relative humidity (RH)   95% relative humidity (RH)   95% relative humidity (RH)
Operational Altitude         9843 ft (3000 m), 77 F (25 C)  9843 ft (3000 m), 77 F (25 C)  9843 ft (3000 m), 77 F (25 C)  9843 ft (3000 m), 77 F (25 C)
Heat Dissipation             160.37 BTU/hr                160.37 BTU/hr                863.27 BTU/hr                863.27 BTU/hr
(worst case, full power)

Cisco Secure PIX Firewall Software

- PIX 520 - Connection licenses available for 128, 1024, and Unrestricted (more than 250,000) simultaneous connections
- PIX 515 - Only unrestricted licenses available
- PIX 520 - Ethernet, FDDI and Token Ring available
- PIX 515 - Restricted (no failover, 32 MB RAM, no option cards, 2 Ethernet interfaces only)
- PIX 515 - Unrestricted (64 MB RAM, failover, up to 6 Ethernet interfaces)
- PIX 515 - Ethernet only
- Adaptive security algorithm (ASA)
- Cut-through proxy authenticates, authorizes, and enhances performance
- Multiple interface support (10/100 Mbps Ethernet, Token Ring, FDDI)
- Up to 6 Ethernet interfaces
- Failover/hot standby; synchronized configurations
- True Network Address Translation (NAT) as specified in RFC 1631
- Port Address Translation (PAT) further expands a company's address pool: one IP address supports more than 64,000 hosts
- Mail Guard removes the need for an external mail relay server in the perimeter network
- TACACS+ and RADIUS authentication
- DNS Guard transparently protects outbound name and address lookups
- Flood Guard and Fragmentation Guard protect against denial of service attacks
- Java blocking eliminates potentially dangerous Java applets (not compressed or archived)
- Extremely high-performance URL filtering that surpasses the competition in any enterprise-scale network
- Cisco IOS-style command-line interface
- Extended authentication, authorization, and accounting capabilities
- Net Aliasing transparently merges overlapping networks with the same IP address space
- Enhanced granularity of inbound access (conduits)
- Allows use of existing registered IP addresses
- Extended access lists
- Ability to customize protocol ports
- Support for private networking of virtual sites at greater than 45 MB using Cisco proprietary Private Link 2
- Enhanced customization of syslog messages
- Simple Network Management Protocol (SNMP) and syslog for remote management
- Reliable syslogging using either TCP or UDP
- Extended transparent application support (both with and without NAT enabled) includes:
  - Sun remote procedure call (RPC)
  - Microsoft Networking client and server communication (NetBIOS over IP) using NAT
  - Multimedia, including Progressive Networks RealAudio, Xing Technologies Streamworks, White Pines CuSeeMe, VocalTec's Internet Phone, VDOnet's VDOLive, Microsoft's NetShow, VXtreme Web Theatre 2; and Intel's Internet Video Phone and Microsoft's NetMeeting (based on H.323 standards)
  - Oracle SQL*Net client and server communication

PIX Firewall Manager Specifications

- Hosted on a Windows NT 4.0 platform (required)
- Service Pack 4 compliant
- Each PIX Firewall Manager supports up to 10 PIX Firewalls for full logging, and configuration for up to 10 PIX Firewalls
- E-mail and pager alarms can be set based on single events or after a threshold is reached
- Built-in reports to display FTP and URL activity per user on a daily basis
- All configuration information sent between PIX Firewalls and the PIX Firewall Manager is protected by a shared secret/secure hash algorithm (MD5)
- Strong authentication (one-time password) support for PIX Firewall management sessions can be provided by CiscoSecure or another TACACS+ or RADIUS server

Software

For additional specifications, see the Cisco Secure PIX Firewall datasheet on the Cisco Web at www.cisco.com. For software options for the Cisco Secure PIX Firewall Series, see PIX Firewall Software in the following table.
Ordering Information

Where to buy Cisco products
Visit http://www.cisco.com/public/ordering_info.shtml

Product and Part Numbers

Part Numbers for the Cisco Secure PIX Firewall

PIX Firewall Solutions

Part Number          Description
PIX-PL2              PIX Private Link 2 card
PIX-PL2=             PIX Private Link 2 card, spare
PIX-1FE              One 10/100 Mbps Ethernet interface, RJ-45
PIX-1FE=             One 10/100 Mbps Ethernet interface, RJ-45
PIX-1GE              Single Gigabit Ethernet Interface for PIX Firewall
PIX-1GE=             Single Gigabit Ethernet Interface for PIX Firewall
PIX-1GE-66           Single 66MHz Gigabit Ethernet Interface
PIX-1GE-66=          Single 66MHz Gigabit Ethernet Interface
PIX-4FE              PIX Four-port 10/100 Ethernet interface
PIX-4FE=             PIX Four-port 10/100 Ethernet interface
PIX-1TR              One 4/16 Mbps Token Ring interface
PIX-1TR=             One 4/16 Mbps Token Ring interface
PIX-FO=              Failover upgrade kit - SW v3.0 or later
PIX-FDDI             FDDI Interface for the PIX Firewall
PIX-FDDI=            PIX FDDI Card
PIX-506              PIX 506 (Chassis, software, two 10BaseT ports)
PIX-506-SW-3DES      3DES Software Licence for PIX 506
PIX-506-SW-3DES=     3DES Software Licence for PIX 506
PIX-506-PWR-AC=      PIX 506 spare AC power supply
PIX-515-SW-UPG=      515 R to UR License Upgrade (includes 32 MB RAM)
PIX-515-SW-FO-UR=    Software upgrade from Failover to Unrestricted for PIX 515
PIX-515-SW-FO-R=     Software upgrade from Failover to Restricted for PIX 515
PIX-BLANK-SLOT       Blank to fill unused option slot on PIX 515
PIX-515              PIX 515 Chassis only
PIX-515-DC           PIX 515 DC Powered Firewall Appliance
PIX-515UR-SW         PIX 515 Unrestricted Function software license
PIX-515-PWR-AC=      PIX 515 spare AC power supply
PIX-520              PIX 520 Chassis only
PIX-520-DC           PIX 520, -48VDC power chassis only
PIX-520-SW-FO        Software license for redundant PIX 520
PIX-525              PIX Firewall 525 Chassis
PIX-525-DC           PIX 525 DC Chassis
PIX-535              PIX Firewall 535 Chassis
PIX-535-MEM-512      PIX 535 512MB RAM Upgrade (2-256MB DIMM, UR Only)
PIX-535-PWR-AC       Redundant AC power supply for PIX 535
PIX-535-PWR-AC=      PIX 535 spare AC power supply
PIX-535-PWR-DC       Redundant DC power supply for PIX 535
PIX-535-PWR-DC=      PIX 535 spare DC power supply
PIX-535-PWR-BLANK    Blank to fill unused power supply slot on PIX 535
PIX-CONN-1K          PIX Midrange license
PIX-CONN-128         PIX Entry level license
PIX-CONN-UR          PIX Unrestricted license
PIX-CONN-FO-128=     PIX Classic, 10K, 510, 520 Failover to entry license upgrade
PIX-CONN-FO-1K=      PIX Classic, 10K, 510, 520 Failover to midrange license upgrade
PIX-CONN-FO-UR=      PIX Classic, 10K, 510, 520 Failover to UR license upgrade
PIX-CONN-128-1K=     PIX Classic, 10K, 510, 520 Entry to midrange license upgrade
PIX-CONN-128-UR=     PIX Classic, 10K, 510, 520 Entry to UR license upgrade
PIX-CONN-1K-UR=      PIX Classic, 10K, 510, 520 Midrange to UR license upgrade
PIX-CONN-VER=        PIX Software Upgrade for Non-Support Customers
PIX-MEM-UPG-128=     128 MB Memory Upgrade for PIX Firewall Models Prior to 500 Series
PIX-MEM-5XX-128=     128 MB Memory Upgrade for PIX Firewall Models 510 and 520
PIX-52X-MEM-128      PIX 52X 128MB RAM Upgrade (UR Only)
PIX-VPN-ACCEL        PIX Firewall IPSec Accelerator
PIX-VPN-ACCEL=       PIX Firewall IPSec Accelerator

PIX Firewall Software

Part Number          Description
PIX-CONN-VER=        PIX Software Upgrade for Non-Support Customers
SF-PIX-4.4           PIX Software version 4.4
SF-PIX515-4.4        PIX version 4.4 software for 515 chassis. TFTP only.
SF-PIX-5.3           PIX v5.3 Software for the PIX Chassis
SF-PIX-5.2.3-EAL4    PIX v5.2(3) Software, EAL4 certified, for the PIX Chassis
PIX-515-SW-FO-R=     Software upgrade from Failover to Restricted for PIX 515
PIX-515-SW-FO-UR=    Software upgrade from Failover to Unrestricted for PIX 515
PIX-515R-SW          PIX 515 Restricted Function software license
PIX-525-SW-FO        PIX 525 Failover Software
PIX-525-SW-FO-R=     PIX 525 failover to restricted license upgrade
PIX-525-SW-FO-UR=    PIX 525 failover to unrestricted license upgrade
PIX-525-SW-R-UR=     525 R to UR License Upgrade (includes 128 MB RAM)
PIX-525-SW-UR        PIX 525 Unrestricted Software
PIX-535-SW-FO-R=     PIX 535 failover to restricted license upgrade
PIX-535-SW-FO-UR=    PIX 535 failover to unrestricted license upgrade
PIX-535-SW-R-UR=     535 R to UR License Upgrade (includes 512 MB RAM)
PIX-535FO-SW         Failover Software License for PIX 535
PIX-535R-SW          Restricted Software License for PIX 535

PIX Firewall Bundles

Part Number          Description
PIX-506              PIX 506 (Chassis, software, two 10BaseT ports)
PIX-515-FO-BUN       PIX 515FO Bundle (Chassis, failover SW,
PIX-515-R-BUN        PIX 515R Bundle (Chassis, restricted SW,
PIX-515-UR-BUN       PIX 515UR Bundle (Chassis, unrestricted SW,
PIX-515-DC-R-BUN     PIX 515-R DC Bundle (Chassis, R software, two 10/100 ports)
PIX-515-DC-UR-BUN    PIX 515-UR DC Bundle (Chassis, UR software, two 10/100 ports)
PIX-520-128-CH       Entry level PIX Firewall 520, two 10/100 Ethernet NICs
PIX-520-1K-CH        Midrange PIX Firewall 520, two 10/100 Ethernet NICs
PIX-520-FO-BUN       PIX 520 Failover (Chassis, software, two 10/100 ports)
PIX-520-UR-CH        Unrestricted PIX Firewall 520, two 10/100 Ethernet NICs
PIX-525-FO-BUN       PIX 525FO Bundle (Chassis, failover SW,
PIX-525-R-BUN        PIX 525R Bundle (Chassis, restricted SW,
PIX-525-UR-BUN       PIX 525UR Bundle (Chassis, unrestricted SW,
PIX-535-FO-BUN       PIX 535FO Bundle (Chassis, failover SW,
PIX-535-UR-BUN       PIX 535UR Bundle (Chassis, unrestricted SW,
PIX-535-R-BUN        PIX 535R Bundle (Chassis, restricted SW,

PIX Firewall Flash Cards

Part Number          Description
PIX-FLASH-16MB=      PIX 16MB ISA Flash card

PIX Firewall Crypto

Part Number          Description
PIX-VPN-3DES         PIX 3DES Software License Without Client Software
PIX-VPN-3DES=        PIX 3DES Software License Without Client Software

Documentation

For part numbers for product-specific documentation, visit http://www.cisco.com/univercd/cc/td/doc/pcat/swdod1.htm

Services and Support

Table 22-24: Available Support Contracts for the Cisco Secure PIX Firewall Series

Part Number          Description
CON-SNT-PIX          PIX SMARTnet maintenance, all versions
CON-SNT-PKG12        PIX SMARTnet maintenance, all versions (two-tier products)