Cisco PIX 515E Firewall - PowerPoint PPT Presentation

Slides: 24
Provided by: philipd62

Transcript and Presenter's Notes


1
Cisco PIX 515E Firewall
2
Overview
  • What a PIX Firewall can do
  • Adaptive Security Algorithm
  • Address Translation
  • Cut-Through Proxy
  • Access Control
  • Network Intrusion Detection

3
Overview Cont..
  • Specific Protocols and Applications
  • PIX Technical Specs
  • Expansion and Interfaces
  • PIX Firewall Comparison Chart
  • PIX Firewall Licensing
  • PIX Firewall Price List
  • Bibliography

4
What a PIX Firewall can do
  • Protect one or more perimeter networks, also known
    as a DMZ (demilitarized zone)
  • Allows you to implement security policies for
    connection to and from the inside network
  • Can be used within an intranet to protect a
    specific group of internal computing systems

5
Adaptive Security Algorithm (ASA)
  • Allows one-way connections (inside to outside)
    without an explicit configuration for each
    internal system and application
  • Always in operation
  • No packets can traverse the PIX Firewall without
    a connection and state
  • All ICMP packets are denied unless specifically
    permitted

6
Multiple Interfaces and Security Levels
  • All PIX Firewalls provide at least two interfaces
    assigned a security level of 0 and 100,
    respectively

7
Address Translation
  • Network Address Translation (NAT)
  • Works by substituting or translating host
    addresses on one interface with a global address
    associated with another interface
  • Port Address Translation (PAT)
  • Uses port remapping which allows a single valid
    IP address translation for up to 64,000 active
    objects
  • Does not work with multimedia applications that
    have an inbound data stream different from the
    outgoing control path

8
Cut-Through Proxy
  • Unique feature of a PIX Firewall
  • Allows user-based authentication of inbound or
    outbound connections
  • A PIX Firewall uses cut-through proxy to
    authenticate a connection and then allow traffic
    to flow quickly and directly

9
Access Control
10
Access Lists
  • Uses standard and extended ACLs
  • Implemented using access-list and access-group
    commands
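
The slides on security levels, address translation, and access lists name these features without showing them configured. The following PIX 6.x-style fragment is an added example, not part of the original presentation; the interface names, the ACL name `acl_outside`, and all addresses (RFC 1918 and RFC 5737 documentation ranges) are constructed for illustration.

```cisco
: Added example. Addresses and names are constructed for illustration.
: Two interfaces with security levels 0 (outside) and 100 (inside).
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 192.0.2.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0

: PAT: all inside hosts share the outside interface address.
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface

: Static NAT for one inside web server that must be reachable from outside.
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255

: Inbound (lower to higher security level) traffic needs an explicit permit.
access-list acl_outside permit tcp any host 192.0.2.10 eq www
: ICMP is denied unless permitted; allow replies to pings sent from inside.
access-list acl_outside permit icmp any any echo-reply
access-group acl_outside in interface outside

: TurboACL (version 6.2 and later): compile the access lists.
access-list compiled
```

Outbound connections from the inside need no access list in this fragment: once the `nat`/`global` pair provides a translation, ASA permits them and tracks state for the return traffic.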

11
TurboACL
  • Introduced in PIX Firewall version 6.2
  • Supports access lists with up to 16,000 access
    list entries

12
Network Intrusion Detection
13
Flood Guard
  • Helps prevent a denial of service (DoS) attack
  • Enabled by default and can be controlled with the
    floodguard 1 command

14
ActiveX Blocking
  • Blocks HTML <object> commands and comments them
    out of the HTML web page

15
Java Filtering
  • Prevents Java applets from being downloaded by a
    system on a protected network

16
Specific Protocols and Applications
  • Mail Guard
  • Multimedia Applications
  • RAS Version 2
  • Real Time Streaming Protocol (RTSP)
  • Voice over IP
  • H.323
  • SCCP
  • SIP

17
Technical Specs
  • Cleartext throughput: 188 Mbps
  • 168-bit 3DES IPsec VPN throughput: 63 Mbps
  • Simultaneous VPN tunnels: 2,000
  • Processor: 433-MHz Intel Celeron
  • Random Access Memory: 32 MB, or 64 MB of SDRAM
  • Flash Memory: 16 MB
  • Cache: 128 KB level 2 at 433 MHz
  • System BUS: Single 32-bit, 33-MHz PCI

18
Expansion and Interfaces
  • PCI BUS: Two 32-bit/33-MHz PCI
  • Random Access Memory: Two 168-pin DIMM slots (64
    MB maximum supported by Cisco PIX OS)
  • Integrated Network Ports: Two 10/100 Fast Ethernet
    (RJ-45)
  • Console Port: RS-232 (RJ-45), 9600 baud
  • Failover Port: RS-232 (DB-15), 115 Kbps (Cisco
    specified cable required)

19
PIX Firewall Comparison Chart
20
PIX Firewall Licensing
Cisco PIX Firewall licenses are available in
Unrestricted, Restricted, and Fail-Over
configurations. These basic licenses can be
augmented with VPN DES or 3DES cryptographic
services.

Unrestricted: PIX Firewall platforms in
an Unrestricted (UR) license mode allow
installation and use of the maximum number of
interfaces and RAM supported by the platform. The
Unrestricted license supports a redundant 'hot
standby' system for Fail-over operation to
minimize network downtime.
21
PIX Firewall Licensing cont..
Restricted: PIX Firewall platforms in a Restricted
(R) license mode limit the number of interfaces
supported and the amount of RAM available within
the system. A restricted license provides a
cost-optimized firewall solution for simplified
network connectivity requirements, or where lower
than the maximum number of user connections are
acceptable. A Restricted licensed firewall does
not support a redundant system for fail-over
configurations.

Fail-Over: The Fail-Over (FO)
software licenses place the Cisco PIX Firewall in
a 'hot-standby' mode for use alongside another
PIX Firewall with an Unrestricted license.
Fail-Over software licensing provides stateful
fail-over capabilities, thus enabling high
availability network architectures. The fail-over
PIX firewall acts as a fully redundant system
maintaining state with all active sessions on the
primary PIX Firewall, thereby minimizing
connection disruptions due to equipment or
network failures.
22
Current PIX 500 Series Firewall Price Listing
(Prices compiled from CDW and MicroWarehouse)
23
Bibliography
  • All information was obtained through Cisco's
    website and the Cisco Press PIX Textbook unless
    otherwise noted.