Cisco PIX 506E Firewall Introduction

The Cisco PIX 506E Firewall is an enhanced version of the most widely used Cisco PIX 506 Firewall, providing enterprise-class security for remote offices and branches through a robust, robust security device. The Cisco PIX 506E Firewall is part of the market-leading Cisco PIX Firewall series, offering rich security features and powerful remote management capabilities through a cost-effective, high-performance solution, especially for remote/branch-Office Internet connections. The PIX 506E also offers a higher 3DES VPN performance, with some applications having a performance of 70% higher than PIX 506.

Enterprise-class security for remote office/branch Environment

The Cisco PIX 506E Firewall is a security device designed for specific requirements that provides rich security services in a single device, including stateful monitoring firewalls, virtual private networks (VPNs), and intrusion prevention. Using Cisco's newest adaptive Security Algorithm (ASA) and the PIX operating system, the PIX 506E ensures that all subsequent users are secure and can help them protect against potential Internet threats. Its powerful stateful monitoring technology can track network requests from all authorized users to prevent unauthorized network access. Using the PIX 506E Flexible access control feature, administrators can also implement customized policies for network traffic through firewalls. The PIX 506E integrates seamlessly with your back-end enterprise database so that external access to network resources can be rigorously validated by directly using Tacacs/radius or indirectly using the Cisco Secure Access Control Server (ACS). The Cisco PIX 506E firewall can also leverage its standards-based Internet Key Exchange (IKE)/IP Security (IPSEC) VPN capabilities to ensure the security of all network traffic between the remote office and the corporate network over the Internet. By encrypting data with 56-bit Data Encryption Standard (DES) or optional advanced 168-bit triple DES (3DES) encryption, you will not be able to peek into your sensitive enterprise data when it is securely transmitted across the Internet. The Integrated Intrusion Prevention feature of the PIX 506E prevents your network from being exposed to a variety of common attacks. By looking for more than 55 different attacks "signatures," PIX can rigorously detect various attacks and can intercept them or notify you in real time.

Powerful remote management capabilities

Cisco PIX 506E is a reliable, maintainable platform that provides a variety of configuration, monitoring, and diagnostics. The scope of the PIX management solution is extensive-from an integrated, web-based management tool to a centralized, policy-based tool, as well as support for various remote monitoring protocols, such as Simple Network Management Protocol (SNMP) and system logs. The PIX Device Manager (PDM) provides an intuitive, web-based interface for administrators so that they can easily configure and monitor a pix 506E without having to install any software on the administrator's computer (other than a standard Web browser). The command line interface (CLI) provided by the PIX 506E enables administrators to remotely configure, monitor, and diagnose pix 506E in a variety of ways, including remote login, security Interpreter (SSH), and Out-of-band access via control ports. Administrators can also easily manage many PX 506E firewalls remotely through the Cisco Security Policy Manager (CSPM) provided in the Cisco vpn/Security Management Solution (VMS). CSPM 3.0 is an extensible, next-generation PIX firewall Centralized management solution with a variety of features, including task-based interfaces, interactive network topology diagrams, policy wizards, policy output features, and more.

Table 1 main features and advantages of the product

Main Features	Advantages
Enterprise-Class Security
A real security device.	The use of a dedicated, enhanced operating system eliminates the security risks of the common operating system Cisco's quality and lack of movable components provide a highly reliable security platform.
Stateful monitoring firewall	Provides border network security to prevent unauthorized network access. Use the latest adaptive Security Algorithm (ASA) to provide a robust stateful monitoring firewall service. Provides flexible access control capabilities for more than 100 pre-defined applications, services, and protocols, and enables the customization of applications and services. Includes a variety of "patches" that can be used to perceive applications to ensure the security of a variety of advanced network protocols (such as H.323, ISPs, skinny, RTSP, etc.). Includes content filtering for Java applets and ActiveX controls.
Vpn	Support for IKE and IPSec VPN standards Ensure data security/integrity, powerful, remote network and remote user authentication via the Internet Supports 56-bit DES and 168-bit 3DES data encryption to ensure data security
Intrusion detection	Provides protection against more than 55 common network attacks, ranging from deformable packet attacks to denial of service (DoS) attacks. Integrates with Cisco network intrusion Solutions The detection System (IDS) detector can dynamically block/avoid a compromised network node through a firewall.
AAA Support	Integrates with common identity authentication, authorization, and accounting services through tacacs+ and RADIUS support Tight integration with Cisco Secure Access control server (ACS)
X.509 Authentication and CRL support	Support for SCEP based registration through the leading X.509 solutions provided by Blatimore, Entrus, Microsoft and VeriSign
Integration with leading third party solutions	supports a wide range of Cisco Avvid (voice, video, and integrated Data architecture) partner solutions that provide URL filtering, content filtering, virus detection, and scalable remote management capabilities.
A powerful small office networking feature
DHCP client and server side	Automatically obtain the IP address of the firewall external interface from the telecommunications service provider Providing IP addresses for devices on the internal network of firewalls
Nat/pat Support	Provides dynamic/static network address translation (NAT) and port address translation (PAT) features Allow multiple users to share a broadband connection using the same public IP address
PPPoE (launched in the first quarter of 2002)	Ensure compatibility with networks that require support for PPPoE
Rich management capabilities
PIX Device Manager (PDM)	Intuitive, web-based GUI enables easy, secure remote management of PIX Firewalls Provides a variety of real-time and historical data reports that contain a great deal of information to help you get a deeper understanding of usage trends, performance, and security events.
Get support from Cisco Security Policy Manager (CSPM)	Scalable, unified management of all Cisco PIX Firewall products in the enterprise with CSPM's powerful policy management infrastructure
Cisco PIX CLI	Allows users to use existing PIX CLI technologies for easy installation and management without the need for further training can be accessed in a variety of ways, including console ports, remote landings, and CLI
SNMP and System log support	Provides remote monitoring and logging capabilities and integrates with Cisco and third party management applications

Table 2 3DES and Des

Performance overview
Clear-Text throughput	20Mbps
56-bit DES IPSEC VPN throughput	20Mbps
168-bit 3DES IPSec VPN throughput	16Mbps
Concurrent VPN tunnels	25*
* Number of supported maximum concurrent locations to or remote Access Vpn/ike Security Association (SA)
Technical Specifications
Processor	300MHz Intel Celeron Processor
Random Storage Memory	MB SDRAM
Flash	8 MB
System bus	Single 32-bit, 33MHz pic bus
Scope of work environment
Working environment
Temperature	23° to 104°f (0° to 40 ℃)
Relative humidity	10% to 90%, non condensing
Height	0 to 6500 ft. (2000 m)
Impact	1.88 m/s (74 inches/sec), sine input
Vibration	0.41GRMS2 (3 to 500Hz) random input
Non-working environment
Temperature	-13° to 158°f ( -25° to 70°c)
Relative humidity	10% to 95%, non condensing
Height	0 to 15000 ft. (4570 m)
Impact	60g,11m
Vibration	0.41GRMS2 (5 to 500Hz) random input
Power
Automatic switching
Line Voltage Range	100V to 240V RMS
Current	0.7-0.4 Amps
Frequency	50-60Hz, Single phase
Thermal Bulk Chassis:	102.4btu/hours, full use of power (30 watts)
Thermal bulk Chassis plus power adapter:	204.6btu/hours, full use of power (60 volts)
Size and weight
Size (high x Width x thick)	1.72x8.5x11.8 inches (4.37x21.59x29.97 cm)
Weight (single power supply)	6 lbs (2.71 kg)
Interface
Console port	RS-232 (RJ-45) 9600 baud
External ports	Integrated 10Base T port, self-negotiation/(half/Full-duplex), RJ-45
Internal interface Port	Integrated 10BaseT port, self-negotiation (half/Full-duplex), RJ45
Compliance with the rules and standards The product has a CE mark indicating that it complies with 89/366/EEC and 73/23/EEC regulations, including the following safety and electromagnetic compatibility (EMC) standards.
Safety	UL1950, can/csa-c22.2 No. 950,en 60950, IEC 60825-1, Iec60825-2, En60825-1, en60825-2, 21CFR 1040
Electromagnetic compatibility (EMC)	FCC part (CFR) Class A, ICES-003 Class A, EN55022 class A with UTP Class B and STP, CISPR22 class A with UTP Class B With STP, AS/NZS 3548 class A with UTP class B with STP, VCCI Class A with UTP class B with STP, EN55024, ETS 300 386-2, En50082-1, En61000-3-2, en61000-3-3