The Cisco PIX 506E Firewall is an enhanced version of the most widely used Cisco PIX 506 Firewall, providing enterprise-class security for remote offices and branches through a robust, robust security device. The Cisco PIX 506E Firewall is part of the market-leading Cisco PIX Firewall series, offering rich security features and powerful remote management capabilities through a cost-effective, high-performance solution, especially for remote/branch-Office Internet connections. The PIX 506E also offers a higher 3DES VPN performance, with some applications having a performance of 70% higher than PIX 506.
Enterprise-class security for remote office/branch Environment
The Cisco PIX 506E Firewall is a security device designed for specific requirements that provides rich security services in a single device, including stateful monitoring firewalls, virtual private networks (VPNs), and intrusion prevention. Using Cisco's newest adaptive Security Algorithm (ASA) and the PIX operating system, the PIX 506E ensures that all subsequent users are secure and can help them protect against potential Internet threats. Its powerful stateful monitoring technology can track network requests from all authorized users to prevent unauthorized network access. Using the PIX 506E Flexible access control feature, administrators can also implement customized policies for network traffic through firewalls. The PIX 506E integrates seamlessly with your back-end enterprise database so that external access to network resources can be rigorously validated by directly using Tacacs/radius or indirectly using the Cisco Secure Access Control Server (ACS). The Cisco PIX 506E firewall can also leverage its standards-based Internet Key Exchange (IKE)/IP Security (IPSEC) VPN capabilities to ensure the security of all network traffic between the remote office and the corporate network over the Internet. By encrypting data with 56-bit Data Encryption Standard (DES) or optional advanced 168-bit triple DES (3DES) encryption, you will not be able to peek into your sensitive enterprise data when it is securely transmitted across the Internet. The Integrated Intrusion Prevention feature of the PIX 506E prevents your network from being exposed to a variety of common attacks. By looking for more than 55 different attacks "signatures," PIX can rigorously detect various attacks and can intercept them or notify you in real time.
Powerful remote management capabilities
Cisco PIX 506E is a reliable, maintainable platform that provides a variety of configuration, monitoring, and diagnostics. The scope of the PIX management solution is extensive-from an integrated, web-based management tool to a centralized, policy-based tool, as well as support for various remote monitoring protocols, such as Simple Network Management Protocol (SNMP) and system logs. The PIX Device Manager (PDM) provides an intuitive, web-based interface for administrators so that they can easily configure and monitor a pix 506E without having to install any software on the administrator's computer (other than a standard Web browser). The command line interface (CLI) provided by the PIX 506E enables administrators to remotely configure, monitor, and diagnose pix 506E in a variety of ways, including remote login, security Interpreter (SSH), and Out-of-band access via control ports. Administrators can also easily manage many PX 506E firewalls remotely through the Cisco Security Policy Manager (CSPM) provided in the Cisco vpn/Security Management Solution (VMS). CSPM 3.0 is an extensible, next-generation PIX firewall Centralized management solution with a variety of features, including task-based interfaces, interactive network topology diagrams, policy wizards, policy output features, and more.
|
Table 1 main features and advantages of the product |
|
Main Features |
Advantages |
Enterprise-Class Security |
A real security device. |
The use of a dedicated, enhanced operating system eliminates the security risks of the common operating systemCisco's quality and lack of movable components provide a highly reliable security platform. |
Stateful monitoring firewall |
Provides border network security to prevent unauthorized network access.Use the latest adaptive Security Algorithm (ASA) to provide a robust stateful monitoring firewall service.Provides flexible access control capabilities for more than 100 pre-defined applications, services, and protocols, and enables the customization of applications and services.Includes a variety of "patches" that can be used to perceive applications to ensure the security of a variety of advanced network protocols (such as H.323, ISPs, skinny, RTSP, etc.).Includes content filtering for Java applets and ActiveX controls. |
Vpn |
Support for IKE and IPSec VPN standardsEnsure data security/integrity, powerful, remote network and remote user authentication via the InternetSupports 56-bit DES and 168-bit 3DES data encryption to ensure data security |
Intrusion detection |
Provides protection against more than 55 common network attacks, ranging from deformable packet attacks to denial of service (DoS) attacks.Integrates with Cisco network intrusion SolutionsThe detection System (IDS) detector can dynamically block/avoid a compromised network node through a firewall. |
AAA Support |
Integrates with common identity authentication, authorization, and accounting services through tacacs+ and RADIUS supportTight integration with Cisco Secure Access control server (ACS) |
X.509 Authentication and CRL support |
Support for SCEP based registration through the leading X.509 solutions provided by Blatimore, Entrus, Microsoft and VeriSign |
Integration with leading third party solutions |
supports a wide range of Cisco Avvid (voice, video, and integrated Data architecture) partner solutions that provide URL filtering, content filtering, virus detection, and scalable remote management capabilities. |
A powerful small office networking feature |
DHCP client and server side |
Automatically obtain the IP address of the firewall external interface from the telecommunications service providerProviding IP addresses for devices on the internal network of firewalls |
Nat/pat Support |
Provides dynamic/static network address translation (NAT) and port address translation (PAT) featuresAllow multiple users to share a broadband connection using the same public IP address |
PPPoE (launched in the first quarter of 2002) |
Ensure compatibility with networks that require support for PPPoE |
Rich management capabilities |
PIX Device Manager (PDM) |
Intuitive, web-based GUI enables easy, secure remote management of PIX FirewallsProvides a variety of real-time and historical data reports that contain a great deal of information to help you get a deeper understanding of usage trends, performance, and security events. |
Get support from Cisco Security Policy Manager (CSPM) |
Scalable, unified management of all Cisco PIX Firewall products in the enterprise with CSPM's powerful policy management infrastructure |
Cisco PIX CLI |
Allows users to use existing PIX CLI technologies for easy installation and management without the need for further trainingcan be accessed in a variety of ways, including console ports, remote landings, and CLI |
SNMP and System log support |
Provides remote monitoring and logging capabilities and integrates with Cisco and third party management applications |
Performance overview |
Clear-Text throughput |
20Mbps |
56-bit DES IPSEC VPN throughput |
20Mbps |
168-bit 3DES IPSec VPN throughput |
16Mbps |
Concurrent VPN tunnels |
25* |
* Number of supported maximum concurrent locations to or remote Access Vpn/ike Security Association (SA) |
Technical Specifications |
Processor |
300MHz Intel Celeron Processor |
Random Storage Memory |
MB SDRAM |
Flash |
8 MB |
System bus |
Single 32-bit, 33MHz pic bus |
Scope of work environment |
Working environment |
Temperature |
23° to 104°f (0° to 40 ℃) |
Relative humidity |
10% to 90%, non condensing |
Height |
0 to 6500 ft. (2000 m) |
Impact |
1.88 m/s (74 inches/sec), sine input |
Vibration |
0.41GRMS2 (3 to 500Hz) random input |
Non-working environment |
Temperature |
-13° to 158°f ( -25° to 70°c) |
Relative humidity |
10% to 95%, non condensing |
Height |
0 to 15000 ft. (4570 m) |
Impact |
60g,11m |
Vibration |
0.41GRMS2 (5 to 500Hz) random input |
Power |
Automatic switching |
Line Voltage Range |
100V to 240V RMS |
Current |
0.7-0.4 Amps |
Frequency |
50-60Hz, Single phase |
Thermal Bulk Chassis: |
102.4btu/hours, full use of power (30 watts) |
Thermal bulk Chassis plus power adapter: |
204.6btu/hours, full use of power (60 volts) |
Size and weight |
Size (high x Width x thick) |
1.72x8.5x11.8 inches (4.37x21.59x29.97 cm) |
Weight (single power supply) |
6 lbs (2.71 kg) |
Interface |
Console port |
RS-232 (RJ-45) 9600 baud |
External ports |
Integrated 10Base T port, self-negotiation/(half/Full-duplex), RJ-45 |
Internal interface Port |
Integrated 10BaseT port, self-negotiation (half/Full-duplex), RJ45 |
Compliance with the rules and standards The product has a CE mark indicating that it complies with 89/366/EEC and 73/23/EEC regulations, including the following safety and electromagnetic compatibility (EMC) standards. |
Safety |
UL1950, can/csa-c22.2 No. 950,en 60950, IEC 60825-1, Iec60825-2, En60825-1, en60825-2, 21CFR 1040 |
Electromagnetic compatibility (EMC) |
FCC part (CFR) Class A, ICES-003 Class A, EN55022 class A with UTP Class B and STP, CISPR22 class A with UTP Class B With STP, AS/NZS 3548 class A with UTP class B with STP, VCCI Class A with UTP class B with STP, EN55024, ETS 300 386-2, En50082-1, En61000-3-2, en61000-3-3 |