Cisco PIX 501 Firewall Introduction

The Cisco PIX 501 firewall provides enterprise-class security for small office and remote workers through a reliable, Plug and Play security device. The Cisco PIX 501 Firewall is part of the market-leading Cisco PIX Firewall series that delivers powerful security features, small office networking, and powerful remote management capabilities, especially for the security of high-speed, "sustainable" broadband environments with a compact, integrated solution.

Enterprise-class security for small office environments

The Cisco PIX 501 firewall is a security device designed for specific requirements that provides rich security services in a single device, including stateful monitoring firewalls, virtual private networks (VPNs), and intrusion prevention. Using Cisco's newest adaptive Security Algorithm (ASA) and the PIX operating system, PIX 501 ensures that all subsequent users are secure and can help them protect against potential Internet threats. Its powerful stateful monitoring technology can track network requests from all authorized users to prevent unauthorized network access. Using the PIX 501 Flexible access control feature, administrators can also implement customized policies for network traffic through firewalls. The Cisco PIX 501 firewall can also leverage its standards-based Internet Key Exchange (IKE)/IP Security (IPSEC) VPN capabilities to ensure the security of all network traffic between the remote office and the corporate network over the Internet. By encrypting data with 56-bit Data Encryption Standard (DES) or optional advanced 168-bit triple DES (3DES) encryption, you will not be able to peek into your sensitive enterprise data when it is securely transmitted across the Internet. The Integrated Intrusion Prevention feature of the PIX 501 protects your network from all kinds of common attacks. By looking for more than 55 different attacks "signatures," PIX can rigorously detect various attacks and can intercept them or notify you in real time.

By providing the same security features as Cisco's high-end gigabit PIX firewalls, PIX 501 delivers the rich protection that all broadband users need, through easy to use and deploy solutions.

Simple, high-speed, small office networking

The Cisco PIX 501 firewall provides a convenient way to share a broadband connection for multiple computers through its integrated, high-performance Quad-Port 10/100mbps switch. Also, the Cisco PIX Firewall can provide network address resolution (NAT) and port address resolution (PAT) and so on to hide the actual network address of your network device. Users can also use the Dynamic Host Configuration Protocol (DHCP) server built into the PIX to gain Plug and Play networking, which can automatically assign network addresses to computers under its jurisdiction after startup. The Cisco PIX 501 firewall provides the functionality necessary to seamlessly integrate with most broadband networking environments.

Powerful remote management capabilities

The PIX 501 is a reliable, maintainable platform that provides a variety of configuration, monitoring, and diagnostics. The scope of the PIX management solution is extensive-from an integrated, web-based management tool to a centralized, policy-based tool, as well as support for various remote monitoring protocols, such as Simple Network Management Protocol (SNMP) and system logs. The PIX Device Manager (PDM) provides an intuitive, web-based interface for administrators so that they can easily configure and monitor a PIX 501 without having to install any software on the administrator's computer (other than a standard Web browser). The command line interface (CLI) provided by PIX 501 enables administrators to remotely configure, monitor, and diagnose PIX 501 in a variety of ways, including remote login, security Interpreter (SSH), and Out-of-band access via control ports. Administrators can also easily manage many PX 501 firewalls remotely through Cisco Security Policy Manager (CSPM) 3.0 provided in the Cisco vpn/Security Management Solution (VMS). CSPM 3.0 is an extensible, next-generation PIX firewall Centralized management solution with a variety of features, including task-based interfaces, interactive network topology diagrams, policy wizards, policy output features, and more.

Table 1 main features and advantages of the product

Main Features	Advantages
Enterprise-Class Security
A real security device.	The use of a dedicated, enhanced operating system eliminates the security risks of the common operating system Cisco's quality and lack of movable components provide a highly reliable security platform.
Stateful monitoring firewall	Provide perimeter network security to prevent unauthorized network access. Use the latest adaptive Security Algorithm (ASA) to provide a robust stateful monitoring firewall service. Provides flexible access control capabilities for more than 105 pre-defined applications, services, and protocols, and enables the customization of applications and services. Includes a variety of "patches" that can be used to perceive applications to ensure the security of a variety of advanced network protocols (such as H.323, ISPs, skinny, RTSP, etc.). Includes content filtering for Java applets and ActiveX controls.
Vpn	Support for IKE and IPSec VPN standards Ensure data security/integrity, powerful, remote network authentication via the Internet Supports 56-bit DES and 168-bit 3DES data encryption to ensure data security
Intrusion detection	Provides protection against more than 55 common network attacks, ranging from deformable packet attacks to denial of service (DoS) attacks. Integrates with Cisco network intrusion Solutions The detection System (IDS) detector can dynamically block/avoid a compromised network node through a firewall.
AAA Support	Integrates with common identity authentication, authorization, and accounting services through tacacs+ and RADIUS support
X.509 Authentication and CRL support	Support for SCEP based registration through the leading X.509 solutions provided by Blatimore, Entrus, Microsoft and VeriSign
Integration with leading third party solutions	supports a wide range of Cisco Avvid (voice, video, and integrated Data architecture) partner solutions that provide URL filtering, content filtering, virus detection, and scalable remote management capabilities.
Integrated Cryptographic Lock Slots	Use a standard laptop to encrypt cable locks (locks not included) to physically ensure the security of PIX 501
A powerful small office networking feature
Integrated four-port	Provides a convenient, high-speed networked environment for small office environments through a compact, structured platform
10/100 switch	Automatic Mdix support, eliminating the need to use crossover cables for devices connected to the switch
DHCP client and server side	Automatically obtain the IP address of the firewall external interface from the telecommunications service provider Providing IP addresses for devices on the internal network of firewalls
Nat/pat Support	Provides dynamic/static network address translation (NAT) and port address translation (PAT) features Allow multiple users to share a broadband connection using the same public IP address
PPPoE (launched in the first quarter of 2002)	Ensure compatibility with networks that require support for PPPoE
Rich management capabilities
PIX Device Manager (PDM)	Intuitive, web-based GUI enables easy, secure remote management of PIX Firewalls Provides a variety of real-time and historical data reports that contain a great deal of information to help you get a deeper understanding of usage trends, performance, and security events.
Get support from Cisco Security Policy Manager (CSPM)	Scalable, unified management of all Cisco PIX Firewall products in the enterprise with CSPM's powerful policy management infrastructure
Cisco PIX CLI	Allows users to use existing PIX CLI technologies for easy installation and management without the need for further training can be accessed in a variety of ways, including console ports, remote landings, and CLI
SNMP and System log support	Provides remote monitoring and logging capabilities and integrates with Cisco and third party management applications

Software usage License

10 User Licenses

The 10 user licenses for Cisco PIX 501 firewalls can support 10 concurrent source IP addresses from your internal network through PIX 501. The integrated DHCP server can support up to 32 DHCP rentals.

50 User Licenses

The Cisco PIX 501 Firewall's 50 user licenses can support up to 50 concurrent source IP addresses from your internal network through PIX 501. The integrated DHCP server can support up to 128 DHCP rentals. As your needs grow, you can also purchase an upgrade license to increase the number of users from 10 to 50 users, thereby increasing your investment in PIX 501 devices.

3DES and Des use licenses

When you order PIX 501, you can select one of two encryption usage licenses (168-bit 3DES and 56-bit DES), or you can upgrade after purchase. Please note that these licenses are subject to U.S. restrictions on the export of encryption technology.

3DES and Des use licenses

Performance overview
Clear-Text throughput	10Mbps
Concurrent connections	3500
56-bit DES IPSEC VPN throughput	6Mbps
168-bit 3DES IPSec VPN throughput	3Mbps
Concurrent VPN tunnels	5*
* The maximum number of concurrent vpn/ike security Associations (SAS) supported
Technical Specifications
Processor	133MHz AMD SC520 Processor
Random Storage Memory	MB SDRAM
Flash	8 MB
Cache	128KB level two cache, frequency 433MHz
System bus	Single 32-bit, 33MHz pic bus
Scope of work environment
Working environment
Temperature	32° to 104°f (0° to 40 ℃)
Relative humidity	5% to 95%, non condensing
Height	0 to 6500 ft. (2000 m)
Impact	250g,<2ms
Vibration	0.41GRMS2 (3 to 500Hz) random input
Non-working environment
Temperature	-90 to 1490F (-200 to 650C)
Relative humidity	10% to 90%, non condensing
Height	0 to 15000 ft. (4570 m)
Impact	65g,8m
Vibration	1.12GRMS2 (3 to 500Hz) random input
Power
Input
Line Voltage Range	100V to 240V Communication
Rated line voltage	100V to 240V Communication
Current	0.051 Amps (115V)
Frequency	50-60Hz, Single phase
Power	5W
Output
Rated line voltage	3.3V DC
Current	1.5 amps
Steady state	5W
Peak	5 W
Maximum Bulk heat	17.0 btu/hours, fully used (5W)
Physical specifications
Size and weight
Size (high x Width x thick)	1.0x6.25x5.5 inches (2.54x15.875x13.97 cm)
Weight (single power supply)	0.75 lbs (0.34 kg)
Extended
PCI bus	Two 32-bit/33mhz PCI
Random access memory	Two 168-pin DIMM slots (Cisco PIX OS supports up to 64MB)
Interface
Console port	RS-232 (RJ-45) 9600 baud
External ports	Integrated 10Base T-Port, Half-duplex, RJ-45
Internal interface Port	Integrated automatic speed measurement, automatic mdix four-port 10/100 switch, RJ45
Compliance with the rules and standards
The product has a CE mark indicating that it complies with 89/366/EEC and 73/23/EEC regulations, including the following safety and electromagnetic compatibility (EMC) standards.
Safety	UL1950, can/csa-c22.2 No. 60950-00, IEC60950, EN60950
Electromagnetic compatibility (EMC)	EN55022 Class B, CISPR22 class B, As/nzs 3548 class B, VCCI class B, EN55024, en50082-1, En61000-3-2, en61000-3-3

Product order Information

Product model	Description
Pix-501-bun-k8	PIX 501 10 Users/des packs (chassis, latest PIX software, 10 user and Des use licenses, integrated 4-Port 10/100 switches and 10BaseT ports)
Pix-501-bun-k9	PIX 501 10 User/3des packs (chassis, latest PIX software, 10 users and 3DES use licenses, integrated 4-Port 10/100 switches and 10BaseT ports)
Pix-501-50-bun-k8	PIX 501 50 Users/des packs (chassis, latest PIX software, 50 user and Des use licenses, integrated 4-Port 10/100 switches and 10BaseT ports)
Pix-501-50-bun-k9	PIX 501 50 User/3des packs (chassis, latest PIX software, 50 users and 3DES use licenses, integrated 4-Port 10/100 switches and 10BaseT ports)
PIX-501	PIX 501 chassis, software, 10 user licenses, integrated 4-Port 10/100 switches and 10BaseT ports
Pix-501-sw-10	10 User licenses for PIX 501
Pix-501-sw-50	50 User licenses for PIX 501
pix-501-sw-10-50=	10 to 50 user upgrade usage licenses for PIX 501
Pix-501-pwr-ac=	Standby AC power for PIX 501
Pix-501-vpn-3des	168-bit 3DES software usage license
pix-501-vpn-3des=	168-bit 3DES software usage license
Pix-vpn-des	56-bit DES software usage license
pix-vpn-des=	56-bit DES software usage license