1-3. Hardware and Performance

Cisco offers firewall functionality in a variety of hardware platforms, many of which are network appliances, where the firewall is contained in a standalone chassis. These include the Cisco PIX Security Appliance and Cisco Adaptive Security Appliance (ASA) platforms.

The FWSM is a "blade" or module that can be used in a Catalyst 6500 switch chassis. This moves the firewall presence into an infrastructure switch itself rather than an external appliance.

Cisco also offers a firewall function as part of the Cisco IOS software, which can be run on many router platforms. This function allows an existing router to become a firewall too. Chapter 11, "Cisco IOS Firewall: Controlling Access," and Chapter 12, "Cisco IOS Firewall: Managing Activity," describe the IOS firewall feature in further detail.

Table 1-1 lists the various firewall models, along with many of their specifications. This table provides a quick reference if you need to compare the capabilities or performance ratings of different models.

Table 1-1. Cisco Firewall Specifications

| | PIX 501 | PIX 506E | PIX 515E | PIX 525 | PIX 535 | Catalyst 6500 FWSM | ASA 5510 | ASA 5520 | ASA 5540 |
|---|---|---|---|---|---|---|---|---|---|
| Operating System | PIX 6.3 | PIX 6.3 | PIX 6.3, PIX 7.x+ | PIX 6.3, PIX 7.x+ | PIX 6.3, PIX 7.x+ | FWSM 2.2+ | | | |
| Processor | 133-MHz AMD SC520 | 300-MHz Intel Celeron | 433-MHz Intel Celeron | 600-MHz Intel P3 | 1-GHz Intel P3 | Dual 1-GHz Intel P3 and three network processors (NPs) | | | |
| Memory | 16 MB | 32 MB | 64 MB | 256 MB | 1 GB | 1 GB | 256 MB | 512 MB | 1 GB |
| Flash | 8 MB | 8 MB | 16 MB | 16 MB | 16 MB | 128 MB | 64 MB | 64 MB | 64 MB |
| Throughput | 60 Mbps | 100 Mbps | 188 Mbps | 330 Mbps | 1.7 Gbps | 5 Gbps | 300 Mbps | 450 Mbps | 650 Mbps |
| Concurrent Connections | 7500 | 25,000 | 130,000 | 280,000 | 500,000 | 1 million | 64,000 | 130,000 | 280,000 |
| Physical Interfaces | 1 10/100 (outside), 4-port 10/100 (inside) | 2 10/100 | 6 10/100 | 2 10/100 plus 8 10/100 or 3 GigE | 2 10/100 plus 12 10/100 or 9 GigE | 0 | 5 | 5 | 5 |
| Logical Interfaces | 0 | 0 | 8 | 10 | 24 | 100 | 10 | 25 | 100 |
| IDS | 55 | 55 | 55 | 55 | 55 | 0 | 1100 | 1100+ | 1100+ |
| Failover | No | No | Yes | Yes | Yes | Yes[1] | No | Yes | Yes |
| AAA and Cut-Through Proxy | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes |
| Command-Line Interface | Console, Telnet, Secure Shell (SSH) | Console, Telnet, SSH | Console, Telnet, SSH | Console, Telnet, SSH | Console, Telnet, SSH | Telnet, SSH | Console, Telnet, Secure Shell (SSH) | Console, Telnet, Secure Shell (SSH) | Console, Telnet, Secure Shell (SSH) |
| Management Platforms | PIX Device Manager (PDM), VPN/Security Management Solution (VMS), Auto Update | PDM, VMS, Auto Update | PDM/ASDM, VMS, Auto Update | PDM/ASDM, VMS, Auto Update | PDM/ASDM, VMS, Auto Update | PDM, VMS | PDM/ASDM, VMS, Auto Update | PDM/ASDM, VMS, Auto Update | PDM/ASDM, VMS, Auto Update |
| Routing | Static, RIP | Static, RIP, OSPF | Static, RIP, OSPF | Static, RIP, OSPF | Static, RIP, OSPF | Static, RIP, OSPF | Static, RIP, OSPF | Static, RIP, OSPF | Static, RIP, OSPF |
| Security Contexts | 1 | 1 | 5 | 50 | 100 | 100 | 1 | 10 | 50 |
| VPN-Capable | Yes | Yes | Yes | Yes | Yes | No[2] | Yes | Yes | Yes |

[1] The FWSM supports only LAN-based failover, because it has no physical failover cable connector.
[2] The FWSM doesn't support any IPSec VPN features except for a 3DES tunnel that is used for management purposes.