© 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.24-1 Lesson 4 Cisco PIX Firewall Family.

Objectives

Upon completion of this lesson, you will be able to perform the following tasks:
- Identify the PIX Firewall models.
- Describe the key features of the PIX 501, 506E, 515E, 525, and 535 Firewall.
- Identify the PIX 501, 506E, 515E, 525, and 535 Firewall controls, connectors, and LEDs.
- Identify the PIX 501, 506E, 515E, 525, and 535 Firewall interfaces.
- Identify the PIX Firewall expansion cards.
- Explain the PIX Firewall licensing options.

Objectives (Cont.)

- Describe the key features of the Firewall Services Module for the Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Router.
- Identify the switch and router slots in which the Firewall Services Module can be installed.
- Identify and describe LEDs that display the status of the Firewall Services Module.

PIX Firewall Models

PIX Firewall Family

[Figure: the PIX Firewall models plotted by price and functionality. Market segment labels: SOHO, ROBO, SMB, Enterprise, SP. Models shown: PIX Firewall 501, PIX Firewall 506E, PIX Firewall 515E, PIX Firewall 525, PIX Firewall 535. Additional label: Gigabit Ethernet.]

PIX Firewall 501

- Designed for small offices and teleworkers
- 7500 concurrent connections
- 60-Mbps clear text throughput
- 16-Mbps SDRAM
- Supports one 10/100BASE-T* Ethernet interface (outside) and a 4-port 10/100 switch (inside)
- VPN throughput
  – 3-Mbps 3DES
  – 4.5-Mbps 128-bit AES
- 10 simultaneous VPN peers

*100BASE-T speed option is available in release 6.3.

PIX Firewall 501: Front Panel LEDs

[Figure labels: VPN tunnel, Power, 100 Mbps, Link/act]

PIX Firewall 501: Back Panel

[Figure labels: Security lock slot, Power connector, 10/100BASE-T (RJ-45), Console port (RJ-45), 4-port 10/100 switch (RJ-45)]

PIX Firewall 506E

- Designed for small and remote offices
- 25,000 concurrent connections
- 100-Mbps clear text throughput
- 32-MB RAM
- Supports two interfaces (10/100BASE-T)*
- VPN throughput
  – 17-Mbps 3DES
  – 30-Mbps 128-bit AES
- 25 simultaneous VPN peers

*100BASE-T speed option is available in release 6.3 for 506E only.

PIX Firewall 506E: Front Panel LEDs

[Figure labels: Network LED, Active LED, Power LED]

PIX Firewall 506E: Back Panel

[Figure labels: Console port (RJ-45), USB port, Power switch, 10/100BASE-T (RJ-45), ACT(ivity) LED, LINK LED]

PIX Firewall 515E

- Designed for small to medium businesses
- 130,000 concurrent connections
- 188-Mbps clear text throughput
- 32/64-MB RAM
- Supports six interfaces
- Supports failover
- VPN throughput
  – 140-Mbps 3DES (VAC+)
  – 140-Mbps 256-bit AES (VAC+)
- 2,000 IPSec tunnels

PIX Firewall 515E: Front Panel LEDs

[Figure labels: Network LED, Power LED, Active failover firewall]

PIX Firewall 515E: Back Panel

[Figure labels: Expansion slots, Fixed interfaces]

PIX Firewall 515E: Fixed Interface Connectors

[Figure labels: Failover connector, Console port (RJ-45), 10/100BASE-T Ethernet 1 (RJ-45), 10/100BASE-TX Ethernet 0 (RJ-45), Power switch, FDX LED, LINK LED, 100 Mbps LED]

PIX Firewall 515E: Expansion Slot Option Cards

[Figure labels: Expansion Slots. Card categories: Fast Ethernet, VPN Accelerator. Card labels: VAC, VAC+, 4 FE - 66, 1FE]

PIX Firewall 515E: FE Card Port Numbering

PIX Firewall 515E option cards require the UR license.

[Figure labels: Single-port card, Quad-port card]

PIX Firewall 525

- Designed for enterprise
- 280,000 concurrent connections
- 330-Mbps clear text throughput
- 128/256-MB RAM
- Supports eight interfaces
- Supports failover
- VPN throughput
  – 155-Mbps 3DES (VAC+)
  – 170-Mbps 256-bit AES (VAC+)
- 2,000 IPSec tunnels

PIX Firewall 525: Front Panel LEDs

[Figure labels: Power LED, Active LED]

PIX Firewall 525: Back Panel

[Figure labels: Expansion slots, Fixed interfaces]

PIX Firewall 525: Fixed Interface Connectors

[Figure labels: Failover connection, 10/100BASE-TX Ethernet 1 (RJ-45), 10/100BASE-TX Ethernet 0 (RJ-45), USB port, Console port (RJ-45), 100 Mbps LED, ACT(ivity) LED, LINK LED]

PIX Firewall 525: Expansion and VAC Cards

[Figure labels: VPN Accelerator card, Gigabit Ethernet card, Fast Ethernet cards]

PIX Firewall 535

- Designed for enterprise and service providers
- 500,000 concurrent connections
- 1.7-Gbps clear text throughput
- 1-GHz Intel Pentium III processor
- 512/1000-MB RAM
- Maximum of 10 interfaces
- Supports failover
- VPN throughput
  – 440-Mbps 3DES (VAC+)
  – bit AES (VAC+)
- 2,000 IPSec tunnels

PIX Firewall 535: Front Panel LEDs

[Figure labels: Power, ACT]

PIX Firewall 535: Back Panel

[Figure labels: Bus 1, Bus 0 (64-bit/66-MHz), Bus 2 (32-bit/33-MHz), Slots, Console RJ-45, USB port, DB-15 failover]

PIX Firewall 535: Option Cards

[Figure labels. Card categories: Gigabit Ethernet, Fast Ethernet, VPN Accelerator. Card labels: VAC, VAC+, 1GE, 1GE FE - 66, 1FE, 4 FE (EOS)]

PIX Firewall 535: Back Panel

[Figure labels: DB-15 failover, Slot 8, Slot 7, Slot 6, Slot 5, Slot 4, Slot 3, Slot 2, Slot 1, Slot 0, Console RJ-45, USB port]

PIX Firewall Licensing

License Types

- Unrestricted: Allows installation and use of the maximum number of interfaces and RAM supported by the platform
- Restricted: Limits the number of interfaces supported and the amount of RAM available within the system
- Failover: Places the PIX Firewall in a failover mode for use alongside another PIX Firewall with an unrestricted license

Applies to PIX Firewall 515/515E, 525, and 535

PIX Firewall 515E, 525, and 535 License Comparison Table

Model                 515E    525     535
Restricted
  Maximum physical    3       6       8
  Maximum VLANs       3       4       6
  Maximum             5       6       8
  RAM
Unrestricted
  Maximum physical    6       8       10
  Maximum VLANs       8       10      22
  Maximum RAM         64      256     1,000

Maximum accounts for the requirement of two physical interfaces and maximum number of VLANs in any PIX Firewall.

VPN Encryption License

- DES license
  – Provides 56-bit DES
- 3DES/AES license
  – Provides 168-bit 3DES
  – Provides up to 256-bit AES

Applies to PIX Firewall Family

Firewall Services Module

FWSM

- Designed for high-end enterprise and service providers
- Runs in Cisco Catalyst 6500 Series switches and 7600 Series routers
- Based on PIX Firewall technology
- PIX Firewall 6.0 feature set (some 6.2)
- 1 million simultaneous connections
- Over 100,000 connections per second
- 5-Gbps throughput
- 1-GB DRAM
- Supports 100 VLANs
- Supports failover

FWSM in the Catalyst 6500 Switch

[Figure labels: Supervisor engine, Redundant supervisor engine, Switching modules, Fan assembly, Power supply 1, Power supply 2, ESD ground strap connector, FWSM]

FWSM in the Cisco 7609 Internet Router

[Figure labels: OSMs, Supervisor engine, Redundant supervisor engine, FWSM, Fan assembly, Power supply 1, Power supply 2, Switch Fabric Module, Redundant Switch Fabric Module, ESD ground strap connection, Slots 1-9 (right to left)]

Summary

- There are currently five PIX Firewall models in the 500 series: 501, 506E, 515E, 525, and 535.
- The PIX Firewall models 501, 506E, 515E, 525, and 535 come equipped with Ethernet connections, console connections, and intuitive LEDs.
- PIX Firewall models 515E, 525, and 535 support failover.
- Your PIX Firewall license determines the PIX Firewall's level of service in your network and the number of interfaces it supports.

Summary (Cont.)

- Restricted, unrestricted, and failover licenses are available for PIX Firewall models 515E, 525, and 535.
- Based on PIX Firewall technology, the Firewall Services Module for the Cisco Catalyst 6500 Switches and Cisco 7600 Series Internet Routers provides an alternative to the PIX Firewall appliance.
- FWSM supports the PIX Firewall Software Release 6.0 feature set as well as some of the 6.2 feature set.
- FWSM delivers multigigabit throughput and 1 million concurrent connections.