The PIX Firewall comes in four main models, with an additional model that's being phased out. Ranging in size from models designed for the home or small office through enterprise level firewalls, the PIX models allow for virtually any size of organization to be protected. The models are as follows:
PIX 506
PIX 515
PIX 520/525
PIX 535
The features of each model follow.
The PIX 506 is the smallest of the PIX Firewalls available. Currently list-priced at less than U.S. $2000, the 506 is designed for firewall protection of the home or small business office. The 506 is approximately one-half the width of the rest of the PIX models. The capabilities and hardware features of the 506 are as follows:
10 Mbps throughput
7 Mbps throughput for Triple Data Encryption Standard (3DES) connections
200 MHz Pentium MMX processor
32 MB SDRAM
8 MB Flash memory
Two integrated 10/100 ports
A picture of the PIX 506 is shown in Figure 4-1.
The PIX 515 is designed for larger offices than those of the 506. There are three main advantages of the 515 over the 506. The first advantage is the ability to create demilitarized zones (DMZs) through the use of an additional network interface. The second advantage is the throughput speed and number of simultaneous connections supported. The third advantage is the ability to support a failover device that will assume the duties of the primary PIX should there be a failure. The PIX 515 comes in two models, the 515 Restricted (515-r) and the 515 Unrestricted (515-ur). The characteristics of these two models follow.
PIX 515-r:
No failover devices supported.
A single DMZ can be used.
Ethernet must be the LAN protocol.
Maximum of three interfaces may be used.
32 MB RAM.
PIX 515-ur:
Failover devices are supported.
Two DMZs may be implemented.
Ethernet must be the LAN protocol.
Maximum of six interfaces may be used.
64 MB RAM.
These two models are essentially the same hardware with different memory and software. It is possible to purchase a 515-r and upgrade it to a 515-ur by adding more memory and updating the operating system. The net cost to the user is very close to the purchase price of a 515-ur. The capabilities and hardware features of the 515 follow:
Rack mountable
Up to 100,000 simultaneous connections
Up to 170 Mbps throughput
Up to four interfaces
Up to 64 MB SDRAM
16 MB Flash memory
200 MHz Pentium MMX processor
A picture of the PIX 515 is shown in Figure 4-2.
The PIX 520, sometimes called the classic PIX, is in the process of being phased out in favor of the newer design of the model 525. Both of these firewalls have the same underlying hardware.
The PIX 525 is designed for a large organization and has the following capabilities and hardware features:
Rack mountable
More than 256,000 simultaneous connections
Six to eight integrated Ethernet cards
Up to four Token Ring cards
Up to four FDDI or four Gigabit Ethernet cards
More than 240 Mbps throughput
Up to 256 MB RAM
A picture of the PIX 525 is shown in Figure 4-3.
The PIX 535 is designed for large enterprise and Internet service provider (ISP) environments where an extreme amount of traffic must be secured. This is presently the largest PIX Firewall available and has the following capabilities and hardware features:
Rack mountable
More than 500,000 simultaneous connections
Six to eight integrated Ethernet cards
Up to four Token Ring cards
More than 1,000 Mbps throughput
512 to 1024 MB RAM
A picture of the PIX 535 is shown in Figure 4-4.
3.139.97.53