Guest

Cisco PIX 500 Series Security Appliances

Cisco PIX 506E and 515E Firewalls

Q & A


Cisco PIX® 506E and 515E Firewalls


Q. What does "E" stand for in the product name?

A. The "E" indicates that this is an enhanced version of the widely popular Cisco PIX® 506 or 515 Firewall platforms. Enhancements include more powerful processors, which result in up to a two and one-half times increase in firewall and virtual private network (VPN) performance, depending on packet size. In the case of the Cisco PIX 515E models (with Unrestricted or Failover licenses), this enhancement also provides integrated hardware-based VPN acceleration.

Q. Are the E platforms substantially different from the Cisco PIX 506 and 515 platforms that I am already familiar with?

A. Although the enhancements to firewall and VPN performance are significant, the Cisco PIX 506E and 515E platforms offer the same form factor, flexibility, interface support, and Cisco PIX OS support as the Cisco PIX 506 and 515 models.

Q. What changes were introduced with the E platforms?

A. Table 1 gives details on the differences between the Cisco PIX 515 and 515E and the Cisco PIX 506 and 506E platforms.

Table 1: Differences Between Cisco PIX 515 and 515E and Cisco PIX 506 and 506E Firewalls

  Cisco PIX 515 Firewall  Cisco PIX 515E Firewall 
Processor

200-MHz Intel Pentium MMX

433-MHz Intel Celeron

Firewall throughput*

146 Mbps

188 Mbps

VPN throughput*

10-Mbps software

22-Mbps "R" models63-Mbps "UR" models

Integrated hardware VPN acceleration

No

Yes, Unrestricted and Failover models

Cisco PIX 506 Firewall

Cisco PIX 506E Firewall

Processor

200-MHz Intel Pentium MMX

300-MHz Intel Celeron

VPN throughput*

10 Mbps

16 Mbps

Power supply

External power supply with 6-pin connector to Cisco PIX 506

External power supply with 8-pin connector to Cisco PIX 506E

Fan

Integrated fan for system cooling

Significantly quieter fan (10 dB less), providing benefit for desktop-based deployments



*1500-byte packets

Q. How is the embedded VPN feature provided within the Unrestricted and Failover models?

A. These models incorporate the Cisco PIX VPN Accelerator Card (VAC), a hardware-based VPN accelerator that is designed not only to improve IP Security (IPSec) encryption processing, but also to maintain high-end firewall performance. It is integrated into Cisco PIX 515E firewalls that have an Unrestricted or Failover license. For more information about the Cisco PIX VAC, go to
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/vac_ds.htm

Q. What software versions are supported on the E platforms?

A. Cisco PIX Firewall software versions 5.2(7), 5.3(3), 6.0(2), and 6.1(2), as well as future versions, will provide support for the Cisco PIX 506E and 515E platforms.

Q. Can I configure a Cisco PIX 515E and 515 to work together in a redundant hot standby pair?

A. In order for Cisco PIX Failover functionality to work, you need to ensure that both units are the same model (one with a Unrestricted license and the other with an Failover license) and have the same software version, encryption licenses, Flash memory, and the same RAM. Failover between the Cisco PIX 515E and 515 is not supported.

Q. How long will the Cisco PIX 506 and 515 platforms be supported?

A. The support schedule for the Cisco PIX 506 and 515 platforms is as follows:

  • End of sale: May 24, 2002 (no longer available for purchase)
  • End of software support: May 24, 2005
  • End of hardware support: May 24, 2007 (hardware repairs or exchanges are no longer available)

Q. How can I distinguish the new Cisco PIX 506E/515E platform from the 506/515 platforms?

A. The new Cisco PIX 506E/515E platforms are recognizable in multiple ways:

1. The front bezel on the new platforms includes the E designator.

2. The model number printed on the rear panel label includes the E designator.

3. The output from the show version command displays the hardware and processor type, as well as other values.

The following is sample output from the show version command.

show version

Cisco Secure PIX Firewall Version 6.1(0)

Compiled on Fri 01-Oct-01 13:56 by pixbuild

pix515E up 4 days 22 hours 10 mins 42 secs

Hardware: PIX-515E, 64 MB RAM, CPU Pentium 433 MHz

Flash i28F640J5 @ 0x300

BIOS Flash AT29C257 @ 0xfffd8000

0: ethernet0: address is 00aa.0000.0037, irq 11

1: ethernet1: address is 00aa.0000.0038, irq 10

2: ethernet2: address is 00a0.c92a.f029, irq 9

3: ethernet3: address is 00a0.c948.45f9, irq 7

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES: Disabled

Maximum Interfaces: 6

Serial Number: 123 (0x7b)

Activation Key: 0xc5233151 0xb429f6d0 0xda93739a 0xe15cdf51

Q. What are the management options for the Cisco PIX 506E and 515E?

A. Customers have a choice of using the CiscoWorks VPN/Security Management Solution (VMS) or the Cisco PIX Device Manager (PDM).

CiscoWorks VMS is an enterprise management solution suite that provides a comprehensive solution for VPN and security management. Web based, CiscoWorks VMS is used for configuring, monitoring, and troubleshooting enterprise VPNs, firewalls, and the network- and host-based Cisco Secure Intrusion Detection System (IDS). CiscoWorks VMS is a scalable solution that addresses the needs of small- and large-scale VPN and security deployments.

The Web-based Cisco PDM configuration tool enables graphical configuration and monitoring of Cisco PIX firewalls without requiring extensive knowledge of the command-line interface (CLI). Cisco PDM is a tool for configuring, managing, and monitoring one Cisco PIX Firewall at a time.

Although CiscoWorks VMS and Cisco PDM provide a graphical interface to the Cisco PIX Firewall, the resulting commands that they read and write are CLI commands.

CiscoWorks VMS and Cisco PDM are complementary management tools. Cisco PIX Device Manager is a tool for configuring, managing, and monitoring a single Cisco PIX Firewall. CiscoWorks VMS enables centralized management and uniform deployment of network policies. CiscoWorks VMS supports the configuration of multiple Cisco security products, such as site-to-site VPNs, Cisco Secure IDS, and Cisco PIX Firewalls.

CiscoWorks VMS will support the Cisco PIX 506E and 515E when they are introduced. CiscoWorks VMS will support Cisco PIX Version 6.2 in a future release.

Additional Information

For more information about the Cisco PIX 515E Firewall, go to
http://www.cisco.com/go/pix

For more information about the Cisco PIX 506E Firewall, go to
http://www.cisco.com/go/pix

For more information about the Cisco PIX VPN Accelerator Card (VAC), go to
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/vac_ds.htm

For additional information on CiscoWorks VMS:
http://www.cisco.com/warp/public/cc/pd/wr2k/vpmnso/prodlit/cwvpn_ov.htm

For additional information on Cisco PDM:
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pixdm_ds.htm