Such products offer simplicity and ease of deployment, rather than the advanced technology that enterprises need. Larger companies looking for scalable, highly configurable firewall appliances may want to turn to Cisco Systems, which is known for its reliable, feature-rich network gear. Several models in Cisco's PIX line of hardware-based firewall devices are particularly well suited for the enterprise.
The PIX lineup
You can get a detailed comparison of the firewalls at the PIX Firewall Documentation page on Cisco's Web site, but here's an overview. Cisco's lineup currently offers these five PIX models:
- Cisco PIX 535 Firewall
This is the largest of Cisco's firewalls. It is intended for very large companies and network service providers.
Throughputââ,¬"1 Gbps
Concurrent connectionsââ,¬"Up to 500,000
3DES VPN throughputââ,¬"95 Mbps
Interface supportââ,¬"Up to 10 10/100 Fast-E or 9-Gb Ethernet
Street costââ,¬"About US$45,000 - Cisco PIX 525 Firewall
This model is aimed at enterprise networks and smaller service providers.
Throughputââ,¬"360 Mbps
Concurrent connectionsââ,¬"Up to 280,000
3DES VPN throughputââ,¬"70 Mbps
Interface supportââ,¬"Up to 8 10/100 Fast-E or 3-Gb Ethernet
Street costââ,¬"About $14,000 - Cisco PIX 515E Firewall
This PIX firewall is intended for small to medium-size enterprises.
Throughputââ,¬"188 Mbps
Concurrent connectionsââ,¬"Up to 125,000
3DES VPN throughputââ,¬"63 Mbps
Interface supportââ,¬"Up to 6 10/100 Fast-E
Street costââ,¬"About $6,000 - Cisco PIX 506E Firewall
Cisco designed this PIX firewall for remote or branch offices.
Throughputââ,¬"20 Mbps
3DES VPN throughputââ,¬"16 Mbps
Interface supportââ,¬"2 10Base-T
Street costââ,¬"About $1,300 - Cisco PIX 501 Firewall
Targeted toward small offices and home-based corporate workers, the 501 is the smallest of the Cisco PIX lineup.
Throughputââ,¬"10 Mbps
3DES VPN throughputââ,¬"3 Mbps
Interface supportââ,¬"4-port Fast-E Switch and 1 10Base-T
Street costââ,¬"About $500
Author's note
The street cost given for each of the above routers is based on the highest model available. This is typically the -unrestricted" (thus, unlimited user) model. You may be able to purchase limited-user models for less money.
As you can see, prices range from $50,000 to $500, and targeted users range from service providers (such as America Online or AT&T) to home users. Some models have additional user licenses or features that can be purchased, such as support for failover or additional VPN users.
Here are some of the more impressive features of PIX firewalls:
- They all run the same operating system and have the same user interface.
- Most can support failover for redundancy.
- All do stateful packet inspection.
- The higher-end models can support Gigabit Ethernet interfaces.
To keep this roundup succinct, I won't go in to all the security features, protocols, and standards supported by the PIX. What is important is that the Cisco PIX firewalls can support almost anything you would ever want from a firewall.
With the recent introduction of the PIX 501 router, Cisco can offer a low-priced (under $500) firewall solution. This option is great for home office workers and small businesses that couldn't afford the previous offerings. In addition, the 501 runs the same PIX OS as the larger models. So if a business grows and needs to upgrade, it can stick with a familiar configuration and command-line interface.
Summary
Cisco's PIX line offers rock-solid firewalls for every network, but they are especially suited to the enterprise. They offer a dependable, highly customisable solution for segmenting and protecting any portion of your network, as well as providing the standard firewall function of securely connecting your network to the public Internet.
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to fire walls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
©2001 TechRepublic, Inc.
13%
1%
