Cisco PIX Firewall full range of products List (2)

Source: Internet
Author: User
Tags command line failover ftp interface connect system log version access
PIX 525 Product Essentials and application environment

Cisco PIX 525 Firewall Application Environment

The Cisco Secure PIX 525 Firewall is part of the world's leading Cisco Secure PIX Firewall series, providing unmatched security, reliability, and performance for today's network customers. Its full firewall protection and IP Security (IPSEC) virtual private Network (VPN) capabilities make it particularly appropriate to protect the boundaries of enterprise headquarters.

Strong security Features

The development of the Internet poses a greater security risk for businesses, governments, and private networks. Existing solutions such as the agent-based firewall running on the application tier have many limitations, including low performance, expensive general-purpose platforms, and security risks when using open systems such as UNIX.

While the Cisco Secure PIX Firewall delivers unprecedented security protection, the core of its protection mechanism is the ability to provide an adaptive security algorithm (ASA) for the functionality of the static-attached firewall. Static security, although relatively simple, but compared with packet filtering, the function is more robust, in addition, with the Application Layer Agent firewall, its performance is higher, scalability is stronger. ASA can track source and destination addresses, Transmission Control Protocol (TCP) serial numbers, port numbers, and additional TCP flags for each packet. Access is allowed through the Cisco Secure PIX Firewall Only if there are correct connections that have determined connection relationships. In doing so, internal and external authorized users can transparently access enterprise resources while protecting the internal network from unauthorized access.

In addition, real-time embedded systems can further enhance the security of the Cisco Secure PIX Firewall family. Although UNIX servers are an ideal open development platform for widespread use of open source code, the common operating system does not provide the best performance and security. The dedicated Cisco Secure PIX Firewall is specifically designed to achieve secure, high-performance protection.

Secure VPN with IPSec interop

Traditionally, the firewall implements the boundary security by maintaining the static control of all connections between the connected network segments. Today, more and more customers are looking for firewalls that provide VPN services in addition to access control. With VPNs, remote users or distributed branch offices can access the enterprise network at a lower cost, while using Internet access can significantly reduce the cost of telecommunications associated with a previous dedicated line or other private network. Companies do not need to maintain large modem pools and access servers to handle remote dial-up users, and these are things that require a lot of money and headaches for administrators. Now, with only a local call to the ISP, users can access the dedicated enterprise intranet securely over the Internet.

PIX 525 implements secure, confidential communication on the Internet or on all IP networks. It integrates the main features of the VPN-tunneling, data encryption, security, and firewalls-to provide a secure, scalable platform for better and more cost-effective use of public data services for remote access, remote office and extranet connectivity. 525 can connect up to 4 VPN tiers at the same time, providing users with complete IPSec standard implementations, where IPSec guarantees confidentiality, integrity, and authentication capabilities. For secure data encryption, Cisco's IPSec implementation methods support 56-bit Data Encryption Standard (DES) and 168-bit triple DES algorithms and AES algorithms.

Extreme Reliability

The PIX Firewall delivers unprecedented reliability with an average of no downtime (MTBF) exceeding 60,000 hours. Even at this high level, companies that have Internet, intranet, or extranet connectivity as enterprise Lifelines recognize that firewall redundancy is a key factor. Every minute the firewall stops running, it means the loss of revenue, opportunity, or critical information. Cisco has created a failover bundle that works with the PIX 525-ur to meet these requirements simply and cheaply. This package provides a second firewall specifically designed to run in failover mode for an enterprise.

Amazing flexibility

The Cisco Secure PIX 525 Firewall supports a variety of network interface cards (NICs). Standard NICs include single port or 4-port 10/100 Fast Ethernet, Gigabit Ethernet, 4/16 Token ring and dual-connected multimode FDDI cards.

In addition, the PIX 525 offers a variety of power options that allow users to choose between AC or 48V DC power. Each option is equipped with a pair of products for the second failover PIX system to achieve maximum redundancy and high availability.

Main features and advantages

  • Part of the Cisco End-to-end Solution-allows companies to extend cost-effective, seamless network infrastructure to branch offices.
  • Lowest cost of ownership-installation, simple configuration, less network downtime. In addition, it allows transparent support for Internet multimedia applications and no longer requires the actual tuning and reconfiguration of each client workstation or PC.
  • Non-UNIX security, real-time, and embedded systems-eliminates the risk of a common operating system and delivers outstanding performance.
  • standards-based Virtual Private Networking-enables administrators to reduce the cost of connecting mobile users and remote sites to the corporate network via the Internet or other public IP networks.
  • Adaptive security algorithm-provides static security for all TCP/IP dialogs to protect sensitive and confidential resources.
  • static failover/Hot standby-provides high availability, making the network most reliable.
  • Network address Translation (NAT)-saves valuable IP addresses, expands network address space, and hides IP addresses from outside.
  • Truncate through proxies-provides the industry's highest level of authentication performance and lowers cost of ownership by reuse of existing certified databases.
  • Multiple network interface cards-provides strong security for the web and all other public access servers, multiple extranet links with different partners, protected records, and URL filtering servers.
  • Supports up to 380,000 simultaneous connections-deploying few firewalls can greatly improve the performance of the proxy server.
  • Prevent denial of service attacks-protect firewalls and their servers and clients from destructive hacker attacks.
  • Support for a variety of applications-overall reduce the impact of firewalls on network users.
  • Java applet Filtering-enables firewalls to terminate potentially dangerous Java applications on a per-client or per-IP address.
  • Support for multimedia applications-reduces the administrative time and costs required to support these protocols. No special client configuration is required.
  • Simple to set-you can implement a general security policy with just 6 commands.
  • Compact design-can be deployed more easily on desktops or smaller office settings.
  • URL filtering-When used in conjunction with the Websense Enterprise software, provides the ability to control which Web sites users can access and maintain audit trail data for billing purposes. Minimal impact on PIX firewall performance.
  • Message protection-no longer requires external messages to be forwarded in the perimeter network, and also to prevent denial-of-service attacks during external mail forwarding.

  

Main characteristics and advantages of PIX525
Performance overview
Clear-Text throughput 370Mbps
168-bit 3DES IPSec VPN throughput 145Mbps
Concurrent VPN tunnels 2000
Concurrent connections 380,000 7500/sec


PIX 535 Product Essentials and application environment

The load-level performance provided by Cisco Secure PIX Firewall 535 can meet the needs of large business networks and service providers. As part of the world's leading Cisco Secure PIX Firewall series, PIX 535 delivers unmatched security, reliability, and performance for today's network customers. The firewall combines static firewall and IP Security (IPSEC) virtual private Network (VPN) capabilities with Gigabit Ethernet throughput flexibly.

PIX 535 is a common firewall device capable of providing unprecedented protection. It is tightly integrated with the PIX operating system (OS), a dedicated curing system that eliminates security vulnerabilities and performance degradation costs. At the heart of the PIX535 Firewall is a protection mechanism based on adaptive Security Algorithm (ASA) that provides a firewall for static connections that enables 500,000 simultaneous connections while preventing common denial of service (DoS) attacks.

In addition, the PIX 535 is a fully functional VPN gateway capable of transmitting data securely over the public network, which supports site to site and remote access to VPN applications using 56-bit Data Encryption Standard (DES) or 168-bit 3DES. The integrated VPN capabilities of the PIX 535 are supported by the VPN accelerator card (VAC) option, providing throughput for 495 Mbps and 2000 IPSec tunnels.

High availability is achieved by deploying a redundant hot standby unit that maintains simultaneous connections through automatic static synchronization. This ensures that the conversation can be maintained even in the event of a system failure and that the switching process is done transparently to the network user. In addition, the PIX 535 allows you to add optional redundant, hot-swappable power to the AC or DC model to make it a truly fault-tolerant security device.

PIX535 Limited software version

The PIX 535, which contains limited software licenses, is equipped with 512MB of RAM, supports up to 6 Gigabit Ethernet or 10/100 Fast Ethernet interfaces, and a vac.

PIX535 Unlimited software version

The PIX 535, which contains unlimited software licenses, is equipped with 1GB of RAM, supports up to 8 Gigabit Ethernet or 10/100 Fast Ethernet interfaces, and a vac. In addition, the PIX 535-ur also adds the ability to share state information with the hot standby pix to achieve full firewall redundancy.

  

Performance Summary of PIX535
Performance overview
Clear-Text throughput 1.675Mbps
168-bit 3DES IPSec VPN throughput 495Mbps
Concurrent VPN tunnels 2000
Concurrent connections 500,000 9400/sec

Technical Specifications

      Processor: 1.0 GHz Intel Pentium III
      Random Read and write memory: MB or 1 GB SDRAM (hosting PC 133)
      Flash Memory: MB
      Cache: 256 KB level 2,1 GHz
      System bus: Dual 64-bit, 66MHz PCI; Single 32-bit, 33MHz PCI

Extended

      PCI bus: 9 PCI slots (4 64-bit/66mhz,5 32-bit/33mhz)
      Random Read and Write memory: 6 DIMM slots, support up to 6GB of PC133 DRAM (PIX operating system maximum support 1GB)

Interface

      Console port: RS-232 (RJ-45) 9600 Porter
      Failover port: RS-232 (DB-15) 115Kbps (requires Cisco dedicated cable)

Cisco high-end firewall 6503/6506/6509 product Essentials and application environment, solution application

The Cisco catalyst?6503/6506/6509 High-end firewall is a high-speed, integrated firewall that delivers the fastest firewall data transfer rate in the industry: 5Gb throughput, 100000CPS, and 1 million concurrent connections. Up to four FWSM firewall modules can be installed in a single device, so that each device can provide up to 20Gb of throughput. As part of the world's leading Cisco PIX Firewall series, the 6503/6506/6509 high-end firewall provides unmatched security, reliability, and performance for large businesses and service providers.

The 6503/6506/6509 high-end firewall (FWSM) employs the Cisco PIX Technology and runs the Cisco PIX operating System (OS)-a real-time, solid embedded systems that eliminate security vulnerabilities and prevent all kinds of losses that can lead to performance degradation. The core of this system is a protection mechanism based on adaptive Security Algorithm (ASA), which can provide a stateful firewall with connection-oriented capabilities. Using ASA,FWSM, you can create a connection table entry for a session stream based on the source and destination addresses, random TCP serial numbers, port numbers, and other TCP flags. FWSM can control the flow of all inputs and outputs by enforcing security policies on these join table entries.

FWSM Integrated Firewall module

The 6503/6506/6509 high-end firewall is FWSM Firewall Service module installed inside the Cisco Catalyst 6500 Series Switch or Cisco 7600 Internet router, and any cat6k port can act as a firewall port. And the State firewall security is integrated into the network infrastructure. This functionality is important for systems with very limited rack space. Cisco Catalyst 6500 truly becomes the preferred IP service switch for customers who require a variety of intelligent services, such as firewall access, intrusion detection, virtual private network (VPN), and multi-tier LAN, WAN, and man switching capabilities.

Adapt to future needs

The 6503/6506/6509 high-end firewall (FWSM) can support 5Gb throughput, thus providing unmatched performance that allows users to meet future requirements without a thorough upgrade of the system. You can add up to four FWSM in Catalyst 6500 to meet the evolving needs of your users.

Reliability

The FWSM firewall module is based on the Cisco PIX Technology and uses the same, verified Cisco PIX operating System-a secure, real-time operating system. FWSM can leverage proven Cisco PIX Technology detection groupings to provide a unique combination of performance and security on the same platform.

Low overall operating costs

FWSM can provide the best performance price ratio in all firewalls. Because the FWSM firewall module is based on the Cisco PIX Firewall, the training and management costs are low, and because it is integrated within the CAT6K device, the number of devices that need to be managed is greatly reduced.

Ease of Use

The intuitive graphical user interface (GUI) of the Cisco PIX Device Manager can be used to manage and configure FWSM.

  

FWSM Firewall Features
Main Features Advantages
Performance
  • 5 Gbps
  • 1 million concurrent connections
  • Establish and disconnect more than 100,000 connections per second
  • Multiple interfaces
  • Up to 100 firewalls can be supported vlan--any Cisco Catalyst 4000 VLAN can act as a firewall VLAN
  • Support for 802.1q and ISL protocols
  • Plunge Agent Implementing security policies for each VLAN
    Main Features Advantages
    Configuration support
  • Console to command line interface (CLI)
  • Telnet to the internal interface of the Cisco PIX Firewall
  • IPSec-based Telnet to the external interface of the Cisco PIX Firewall
  • SSH to CLI
  • SSL to Cisco PIX Device Manager
  • AAA Support Integrates common identity authentication, authorization, and accounting services with tacacs+ and RADIUS support
    Nat/pat Support Provides dynamic/static network address resolution (NAT) and port address resolution (PAT)
    Cisco PIX Device Manager (PDM)
  • A simple, intuitive, web-based GUI can support remote firewall management
  • Multiple reports based on real-time data and historical data can provide information on usage trends, basic performance, and security events
  • Secure network Management Secure network management access with triple Data Encryption Standard (3DES) encryption
    Access Control List
  • Supports up to 128,000 access control lists
  • URL filtering Set policy in the server and check the output URL request using the Websense software
    Command authorization Prioritize all CLI, creating a user account or login environment that corresponds to those priorities.
    Object Group Ability to combine network objects (such as hosts) and services (such as FTP and HTTP)
    Prevent DoS
  • DNS Protection
  • Flood Defender
  • Flood Guard
  • TCP interdiction
  • Unicast Reverse Path sending
  • Fragguard and virtual reorganization
  • Routing
  • Static routing · Dynamic, such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF)
  • High Availability State recovery--between the device and the device
    Log Comprehensive System log, FTP, URL, and ACL logs
    Other agreements
  • H.323 V2
  • IP-based NetBIOS
  • RAS second version
  • RTSP
  • Sip
  • XDMCP
  • Skinny
  • 6503/6506/6509 High-end firewall application environment

    6503/6506/6509 high-end firewalls are deployed in the network topology of the Enterprise Park's data center.

    Today's enterprises not only need perimeter security, but also need to connect business partners and provide park security zone, for the various departments in the enterprise to provide security services. 6503/6506/6509 high-end firewalls provide a flexible, cost-effective, performance-based solution by allowing users and administrators to set up security domains in the enterprise with different policies. Figure 2 shows a park deployment that uses state filtering to create a different VLAN-based security domain.

    With the 6503/6506/6509 high-end firewall, users can make corresponding policies for different VLANs.

    Data centers also need to use stateful firewall security solutions to protect data and provide gigabit performance at the lowest possible cost. 6503/6506/6509 High-end firewalls can maximize the efficiency of capital investment by providing the best performance-price ratios in the firewall, allowing customers to forgo the expensive firewall products that they used to have to buy additional firewall load-balancing devices.

    Cisco IOS router firewall products and features

    Cisco's iOS routers offer powerful security features, and with the high integration requirements, Cisco's full range of routers and security-enabled iOS software are also a flexible option.

    Cisco iOS firewall software highlights a wide variety of powerful security features, including:

      • Context-based access control (CBAC)
      • Intrusion detection
      • Authentication Agent
      • Denial of service detection and prevention
      • Dynamic port Mapping
      • Java Small application Lockdown
      • VPN, IPSec encryption, and QoS support:
      • Real-time alarms
      • Network Transaction trace Record
      • Event logging
      • Firewall management
      • Integration with Cisco IOS software
      • Basic and advanced Data flow filtering:
      • Multi-interface support based on policy
      • Network Address Translation
      • Time-based access list
      • Peer Router authentication


    Related Article

    E-Commerce Solutions

    Leverage the same tools powering the Alibaba Ecosystem

    Learn more >

    Apsara Conference 2019

    The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

    Learn more >

    Alibaba Cloud Free Trial

    Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

    Learn more >

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.