Cisco PIX 525 Firewall Introduction

Source: Internet
Author: User
Tags failover requires file transfer protocol

The Cisco Secure PIX 525 Firewall is part of the world's leading Cisco Secure PIX Firewall series, providing unmatched security, reliability, and performance for today's network customers. Its full firewall protection and IP Security (IPSEC) virtual private Network (VPN) capabilities make it particularly appropriate to protect the boundaries of enterprise headquarters.

Strong security Features

The development of the Internet poses a greater security risk for businesses, governments, and private networks. Existing solutions such as the agent-based firewall running on the application tier have many limitations, including low performance, expensive general-purpose platforms, and security risks when using open systems such as UNIX. While the Cisco Secure PIX Firewall delivers unprecedented security protection, the core of its protection mechanism is the ability to provide an adaptive security algorithm (ASA) for the functionality of the static-attached firewall. Static security, although relatively simple, but compared with packet filtering, the function is more robust, in addition, with the Application Layer Agent firewall, its performance is higher, scalability is stronger. ASA can track source and destination addresses, Transmission Control Protocol (TCP) serial numbers, port numbers, and additional TCP flags for each packet. Access is allowed through the Cisco Secure PIX Firewall Only if there are correct connections that have determined connection relationships. In doing so, internal and external authorized users can transparently access enterprise resources while protecting the internal network from unauthorized access. In addition, real-time embedded systems can further enhance the security of the Cisco Secure PIX Firewall family. Although UNIX servers are an ideal open development platform for widespread use of open source code, the common operating system does not provide the best performance and security. The dedicated Cisco secure PIX firewall is specifically designed to achieve secure, high-performance protection.

Secure VPN with IPSec interop

Traditionally, the firewall implements the boundary security by maintaining the static control of all connections between the connected network segments. Today, more and more customers are looking for firewalls that provide VPN services in addition to access control. With VPNs, remote users or distributed branch offices can access the enterprise network at a lower cost, while using Internet access can significantly reduce the cost of telecommunications associated with a previous dedicated line or other private network. Companies do not need to maintain large modem pools and access servers to handle remote dial-up users, and these are things that require a lot of money and headaches for administrators. Now, with only a local call to the ISP, users can access the dedicated enterprise intranet securely over the Internet. PIX 525 implements secure, confidential communication on the Internet or on all IP networks. It integrates the main features of the VPN-tunneling, data encryption, security, and firewalls-to provide a secure, scalable platform for better and more cost-effective use of public data services for remote access, remote office and extranet connectivity. 525 can connect up to 4 VPN tiers at the same time, providing users with complete IPSec standard implementations, where IPSec guarantees confidentiality, integrity, and authentication capabilities. For secure data encryption, Cisco's IPSec implementation methods support 56-bit Data Encryption Standard (DES) and 168-bit triple DES algorithms.

Extreme Reliability

The PIX firewall delivers unprecedented reliability with an average of no downtime (MTBF) exceeding 60,000 hours. Even at this high level, companies that have Internet, intranet, or extranet connectivity as enterprise Lifelines recognize that firewall redundancy is a key factor. Every minute the firewall stops running, it means the loss of revenue, opportunity, or critical information. Cisco has created a failover bundle that works with the PIX 525-ur to meet these requirements simply and cheaply. The package provides an enterprise with a second firewall specifically designed to run in failover mode, and its price is only a small part of the standard pix 525 ur bundle.

Amazing flexibility

The Cisco Secure PIX 525 Firewall supports a variety of network interface cards (NICs). Standard NICs include single port or 4-port 10/100 Fast Ethernet, Gigabit Ethernet, 4/16 Token ring and dual-connected multimode FDDI cards. In addition, the PIX 525 offers a variety of power options that allow users to choose between AC or 48V DC power. Each option is equipped with a pair of products for the second failover PIX system to achieve maximum redundancy and high availability.

Main features and advantages

  • Part of the Cisco End-to-end Solution-allows companies to extend cost-effective, seamless network infrastructure to branch offices.
  • Lowest cost of ownership-installation, simple configuration, less network downtime. In addition, it allows transparent support for Internet multimedia applications and no longer requires the actual tuning and reconfiguration of each client workstation or PC.
  • Non-UNIX security, real-time, and embedded systems-eliminates the risk of a common operating system and delivers outstanding performance.
  • standards-based Virtual Private Networking-enables administrators to reduce the cost of connecting mobile users and remote sites to the corporate network via the Internet or other public IP networks.
  • Adaptive security algorithm-provides static security for all TCP/IP dialogs to protect sensitive and confidential resources.
  • static failover/Hot standby-provides high availability, making the network most reliable.
  • Network address Translation (NAT)-saves valuable IP addresses, expands network address space, and hides IP addresses from outside.
  • Truncate through proxies-provides the industry's highest level of authentication performance and lowers cost of ownership by reuse of existing certified databases.
  • Multiple network interface cards-provides strong security for the web and all other public access servers, multiple extranet links with different partners, protected records, and URL filtering servers.
  • Supports up to 280,000 simultaneous connections-deploying few firewalls can greatly improve the performance of the proxy server.
  • Prevent denial of service attacks-protect firewalls and their servers and clients from destructive hacker attacks.
  • Support for a variety of applications-overall reduce the impact of firewalls on network users.
  • Java applet Filtering-enables firewalls to terminate potentially dangerous Java applications on a per-client or per-IP address.
  • Support for multimedia applications-reduces the administrative time and costs required to support these protocols. No special client configuration is required.
  • Simple to set-you can implement a general security policy with just 6 commands.
  • Compact design-can be deployed more easily on desktops or smaller office settings.
  • URL filtering-When used in conjunction with the Websense Enterprise software, provides the ability to control which Web sites users can access and maintain audit trail data for billing purposes. Minimal impact on PIX firewall performance.
  • Message protection-no longer requires external messages to be forwarded in the perimeter network, and also to prevent denial-of-service attacks during external mail forwarding.

Technical Specifications


    • Processor: 600MHz Intel Pentium III
    • Random Read and Write memory: up to 256 MB
    • Flash Memory: MB
    • Interface: Dual integrated BASE-T Fast Ethernet, RJ45
    • PCI Slots: 3
    • Console port: RJ-45
    • Device Update processing: Using only small File Transfer Protocol (TFTP)
    • Failover port: DB-15 (RS 232)

Restricting software

The PIX 525, which contains limited software licenses, provides entry-level enterprise security and performance. The 525-r includes 128MB of RAM and can use up to 6 10/100 Fast Ethernet interfaces.

Unlimited software

PIX 525, which contains unrestricted licenses, is designed for large enterprises and is capable of providing all of the PIX 525-r functionality. In addition, 525-ur has increased the ability to statically switch to the standby PIX firewall, supporting and adding two (total 8) 10/100 Fast Ethernet ports. It has the ability to handle 280,000 simultaneous connections, with plain text throughput up to 370 Mbps.
Pricing and part numbers for Cisco Secure PIX 525 Firewalls
Pix-525-r-bun PIX 525 Limited Bundle (chassis, limited software, 2 10/100 ports)
Pix-525-ur-bun PIX 525 Unlimited Bundle (chassis, unlimited software, 2 10/100 ports)
Pix-525-fo-bun PIX 525 Failover Bundle (chassis, failover software, 2 10/100 ports)
Pix-pl2 Dedicated link 2 DES, only for encryption accelerator cards
Pix-1fe 1 10/100 Mbps Ethernet interface, RJ45
Pix-4fe 4-Port 10/100 Mbps Ethernet interface, RJ45
Pix-1ge Single Gigabit Ethernet interface for the PIX firewall
Pix-1tr 1 4/16 Mbps Token Ring interface
Pix-fddi FDDI interface for the PIX firewall
Pix-vpn-des 56-bit DES IPSec software licenses for the PIX firewall
Pix-vpn-3des 168-bit 3DES IPSec software license for the PIX firewall
Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.