Cisco PIX |
Cisco PIX (Private Internet EXchange) is a Firewall_%28networking%29 originally designed by Brantley Coile and John Mayes of Network Translation, Inc. Their company was acquired in 1995 by Cisco Systems, Inc, who now sells the PIX technology and continues its development. The PIX runs a custom-written proprietary operating system originally called Finesse (Fast InterNEt Server Executive), but now the software is known simply as PIX OS. It is classified as a network layer firewall with stateful firewall. By its design it allows internal connections out (outbound traffic), and only allows inbound traffic that is a response to a valid request or is allowed by an ACL (Access Control List) or a conduit. The PIX can be configured to perform many functions including NAT (network address translation) and PAT (port address translation).
The PIX is constructed using Intel-based/Intel-compatible motherboards and Intel network chipsets. The PIX Bootstrap off of a proprietary Industry_Standard_Architecture Flash_memory memory daughtercard in the case of the PIX Classic, 10000, 510, 520, and 535, and it boots off of integrated flash memory in the case of the PIX 501, 506/506e, 515/515e, 525, and WS-SVC-FWM-1-K9. Due to the standard nature of the PIX s components, it is technically feasible to construct (but legally questionable to sell) a frankenpix from older computer parts that use the Intel chipset, such as motherboards and network cards. The only nonstandard part involved is the ISA flash card, from which the machine boots. Such cards may be had from people upgrading their PIX to a newer OS, as the newer PIX OS images won t fit on the 512kB or 2 MB flash cards found in the PIX Classic, PIX 10000, PIX 510, and PIX 520; except for the 501 and 506, which have 8MB of flash, one must have at least 16 MB of flash to run versions 5.2 on up.
The PIX technology is also sold in a Computing_blade, the WS-SVC-FWM-1-K9, for the Cisco Catalyst 6500 switch series and the 7600 Router series.
==History and hardware/software specfications==
---Information on models supported as of 6/27/2005 verified from [http://www.cisco.com/application/pdf/en/us/guest/products/ps2030/c1031/ccmigration_09186a008007d065.pdf Cisco s PIX Brochure] (page 2) and the specific [http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_models_home.html product pages]
==Performance specifications==
---Information on models supported as of 6/27/2005 verified from [http://www.cisco.com/application/pdf/en/us/guest/products/ps2030/c1031/ccmigration_09186a008007d065.pdf Cisco s PIX Brochure] (page 2) and the specific [http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_models_home.html product pages]
==Footnotes==
The inside port is connected to an internal, unmanaged, auto-polarity 4 port Network_switch. Restricted package / Unrestricted package limits (referred to by Cisco as R and UR/FO/FO-AA, respectively). According to Cisco, the 1000baseSX card is not officially supported by the 515/515e, but it will work. VAC acceleration vs VAC+ (in parenthesis) acceleration (Implies Unrestricted package). Older 520 s made before February 2000 and with a serial number less than 18025677 shipped with a 2 MB flash card. Newer 520 s shipped with a 16 MB flash card. The WS-SVC-FWM-1-K9 blade has no fixed ports or internal expansion; it makes use of either VLAN interfaces (being used by physical interfaces on a remote switch) or the physical interfaces on the switch/router it is installed in. PIX Classic firewalls with a serial number of 06002015 or lower came with 512k flash. Newer models came with 2 MB flash. The WS-SVC-FWM-1-K9 blade only supports IPSec VPN for management. It doesn t have the ability to terminate a VPN connection for remote users. The PIX 520 received updated PII processors as they became available, starting with the PII 233 and ending with the PII 350. The ASUS-manufactured ATX motherboard in the 520 can support any Slot_1 processor from the Celeron Covington, Celeron Mendocino, Pentium II Klamath, Pentium II Deschutes, and the Pentium III Katmai families. Some (afaik all) PIX 520 models use the Intel [http://support.intel.com/support/motherboards/desktop/SE440BX2/ SE440BX-2] motherboard. Cannot be removed or upgraded. In early 2005, Cisco indicated that PIX OS 7.x would only support the 515, 515e, 525, and 535, while a stripped-down version would eventually be released for the 501 and 506e. It is actually possible to update the 506E to 7.x by removing all management software. Running the highest possible PIX OS version requires the use of the PIX-FLASH-16MB flash card, as the 5.2 through 6.3 train won t fit on a 512KB or 2MB flash card. Shows flash chips on the 2MB flash card versus the chips on the 16MB flash card. Various models of the 525 use different flash chips, probably due to differing production runs. Shows flash chips on the 512KB flash card versus the chips on the 2MB flash card. While the PIX 535 boots off of the same ISA flash card as some PIX 510 s and 520 s (the PIX-FLASH-16MB) its newer on-board PIX BIOS (version 4.x) overrides the PIX BIOS on the flash card (version 3.6) at boot. Since both the 510 and 520 have standard ATX motherboards, the PCI slot count can be higher or lower than the default if the motherboard is replaced with a different one.
==List of PCI and ISA expansion cards for the PIX==
== See also ==
|
|