Book Excerpt: Cisco Secure Internet Security Solutions, Part 1 - Page 2

By Cisco Press | Posted Sep 12, 2001
Page 2 of 3   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

PIX Models
The PIX Firewall comes in four main models, with an additional model that's being phased out. Ranging in size from models designed for the home or small office through enterprise level firewalls, the PIX models allow for virtually any size of organization to be protected.

The models are as follows:

  • PIX 506
  • PIX 515
  • PIX 520/525
  • PIX 535
The features of each model follow.

PIX 506
The PIX 506 is the smallest of the PIX Firewalls available. Currently list-priced at less than U.S. $2000, the 506 is designed for firewall protection of the home or small business office. The 506 is approximately one-half the width of the rest of the PIX models. The capabilities and hardware features of the 506 are as follows:

  • 10 Mbps throughput
  • 7 Mbps throughput for Triple Data Encryption Standard (3DES) connections
  • Up to ten simultaneous IPSec Security Associations (SAs)
  • 200 MHz Pentium MMX processor
  • 32 MB SDRAM
  • 8 MB Flash memory
  • Two integrated 10/100 ports

PIX 515
The PIX 515 is designed for larger offices than those of the 506. There are three main advantages of the 515 over the 506. The first advantage is the ability to create demilitarized zones (DMZs) through the use of an additional network interface. The second advantage is the throughput speed and number of simultaneous connections supported. The third advantage is the ability to support a failover device that will assume the duties of the primary PIX should there be a failure. The PIX 515 comes in two models, the 515 Restricted (515-r) and the 515 Unrestricted (515-ur). The characteristics of these two models follow.
PIX 515-r:

  • No failover devices supported.
  • A single DMZ can be used.
  • Ethernet must be the LAN protocol.
  • Maximum of three interfaces may be used.
  • 32 MB RAM.
PIX 515-ur:
  • Failover devices are supported.
  • Two DMZs may be implemented.
  • Ethernet must be the LAN protocol.
  • Maximum of six interfaces may be used.
  • 64 MB RAM.
These two models are essentially the same hardware with different memory and software. It is possible to purchase a 515-r and upgrade it to a 515-ur by adding more memory and updating the operating system. The net cost to the user is very close to the purchase price of a 515-ur. The capabilities and hardware features of the 515 follow:
  • Rack mountable
  • Up to 100,000 simultaneous connections
  • Up to 170 Mbps throughput
  • Up to four interfaces
  • Up to 64 MB SDRAM
  • 16 MB Flash memory
  • 200 MHz Pentium MMX processor

PIX 520/525
The PIX 520, sometimes called the classic PIX, is in the process of being phased out in favor of the newer design of the model 525. Both of these firewalls have the same underlying hardware.

The PIX 525 is designed for a large organization and has the following capabilities and hardware features:

  • Rack mountable
  • More than 256,000 simultaneous connections
  • Six to eight integrated Ethernet cards
  • Up to four Token Ring cards
  • Up to four FDDI or four Gigabit Ethernet cards
  • More than 240 Mbps throughput
  • Up to 256 MB RAM

PIX 535
The PIX 535 is designed for large enterprise and Internet service provider (ISP) environments where an extreme amount of traffic must be secured. This is presently the largest PIX Firewall available and has the following capabilities and hardware features:

  • Rack mountable
  • More than 500,000 simultaneous connections
  • Six to eight integrated Ethernet cards
  • Up to four Token Ring cards
  • Up to four FDDI or eight Gigabit Ethernet cards
  • More than 1,000 Mbps throughput
  • 512 to 1024 MB RAM

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter