Models


The PIX Firewall has several different models, each intended to address the needs of a different portion of the firewall market. Because this book is targeted to small businesses and medium-to-small enterprises, the PIX 515E is the hardware that is used to do all the configurations herein.

The following models of the ASA/PIX Security Appliance can run the ASA/PIX version 7 operating system:

  • Cisco PIX Security Appliance 515E

  • Cisco PIX Security Appliance 525

  • Cisco PIX Security Appliance 535

  • Cisco ASA Security Appliance 5510

  • Cisco ASA Security Appliance 5520

  • Cisco ASA Security Appliance 5540

PIX 515E

The target market for the PIX 515E is the small business and low-to medium-end enterprise customers. The PIX 515E can handle 130,000 simultaneous connections. The theoretical limit for throughput on the 515E is 190 Mbps.

The PIX 515E can support multiple hardware interfaces, which makes the PIX 515E the lowest model Cisco PIX Firewall to support interface isolation (DMZ functionality). Unlike the smaller firewalls, the PIX 515E represents an ideal machine for companies that want to use public servers from the inside of their company network. With this firewall, you no longer have to worry that if hackers exploit one of your public servers that they might be able to exploit devices on the inside of your network.

Depending on licensing, the PIX 515E can support up to six different hardware interfaces. The PIX 515E is also the lowest PIX model that supports failover, which is a technology that allows a secondary PIX Firewall to take over operation if your primary firewall fails. The secondary PIX becomes a fully functional firewall in as little as 1.5 seconds.

PIX 525

The PIX 525 is a large enterprise or small service provider class machine. The 525 can handle 280,000 connections and can pass 330 Mbps. It can also support up to eight physical interfaces. All the concepts discussed and the configuration performed in this book using the ASDM apply to the PIX 525, too; because the target market for this book is smaller enterprises, however, the examples in this book focus on PIX 515E.

PIX 535

The PIX 535 is a large enterprise (with high-traffic requirements) service provider class machine. The 535 can handle 500,000 connections and can pass 1.7 Gbps. It can also support up to ten physical interfaces. The concepts discussed and the configurations performed in this book using the ASDM apply to the PIX 535, too.

Cisco ASA 5510 Security Appliance

The Cisco ASA 5510 Security Appliance is targeted to the small-to medium-size business/small enterprise market. Its estimated throughput is 300 Mbps, with 32,000 maximum connections with a base license and 64,000 with a security-plus license. The ASA Security Appliance optionally comes with an add-on security module that can accelerate the network intrusion prevention features.

Cisco ASA 5520 Security Appliance

The Cisco ASA 5520 Security Appliance is targeted to the medium-size business/ small-to medium-size enterprise market. Its estimated throughput is 450 Mbps, with 130,000 maximum connections. The ASA Security Appliance optionally comes with an add-on security module that can accelerate the network intrusion prevention features.

Cisco ASA 5540 Security Appliance

The Cisco ASA 5540 Security Appliance is targeted to the larger enterprise/small service provider market. Its estimated throughput is 650 Mbps, with 280,000 maximum connections. The ASA Security Appliance optionally comes with an add-on security module that can accelerate the network intrusion prevention features.

NOTE

All references to target market are generalized based on average business requirements. A small business might have enough traffic to justify a Cisco ASA 5540 Security Appliance or a small service provider might have only enough traffic to justify a Cisco ASA 5510 Security Appliance. Talk to your local Cisco representative to determine the correct hardware to support your network.




Securing Your Business with Cisco ASA and PIX Firewalls
Securing Your Business with Cisco ASA and PIX Firewalls
ISBN: 1587052148
EAN: 2147483647
Year: 2006
Pages: 120
Authors: Greg Abelar

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net