Chapter 3. Troubleshooting Cisco Secure PIX Firewalls

A PIX firewall is a stateful firewall. It secures the network perimeter by creating and maintaining state information for connections. PIX boosts performance because its OS is embedded and runs directly from RAM for packet processing. The Cisco Adaptive Security Appliance (ASA 5500 Series) is the next-generation security appliance; it runs the same OS as the PIX but provides more security services (for example, an SSM blade for IPS, SSL VPN, and so on) than the PIX Firewall. Beginning with Version 7.0, the ASA 5500 (the minimum version requirement on the ASA is 7.0) and PIX platforms running Version 7.0 provide the same firewall features. Because the primary focus of this chapter is firewall features, the additional services provided by the ASA 5500 (IPS, SSL, VPN, and so on) are not discussed. The troubleshooting discussion in this chapter is based on the PIX platform, and it also applies to the ASA 5500.

PIX Firewall has a very flexible and robust command-line interface (CLI) parser that is very similar to a router's (in particular on PIX Version 7.0). In addition, a GUI such as Adaptive Security Device Manager or ASDM (formerly known as PIX Device Manager or PDM) and a firewall management console (MC) can be used to manage the PIX firewall. Most troubleshooting, however, is performed using the CLI; hence the primary focus of the chapter is using the CLI on the new version of PIX, which is 7.0.

