• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

PIX 515e satisfy requirements?

I got roughly 80 users at corporate, and roughly 20 sites with each one having about 2-10 computers.  About 8 sites has a Fractional T1 from 256 to 512KB, and the others are DSL lines.  It's a hub and spoke diagram where they come back for me for internet:


                                                                                                        Remote
                                                                                                      /
 Internet--->[router]--->[checkpoint FW]----LAN----[Router2]---WAN---- Remote
                                                                                                      \
                                                                                                        Remote

The vpn tunnels are managed by Qwest.

Question:
I got a Checkpoint firewall and I am looking to replace it.  I got a PIX 515e in mind.  But should I get a PIX 515e Restricted, or a PIX 515e UnRestricted?  I know the UnRestricted has more throughput then the Restricted.  Which PIX will satisfy my requirements?
0
Pentrix2
Asked:
Pentrix2
2 Solutions
 
JFrederick29Commented:
The restricted license will allow you to use 3 physical interfaces (versus 6), will allow 48,000 connections (versus 130,000), provides 64MB of ram (versus a maximum of 128MB) and does not support failover (not sure if you were looking to implement this).

I would recommend going with the unrestricted license if at all possible but the restricted should suffice if you don't need more than one additional physical interface and don't need failover.  The 64MB of ram would concern me a little bit, I'd feel much better with 128MB in the PIX.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a00800b0d85.html
0
 
lrmooreCommented:
A general rule of thumb for sizing a PIX
501 = < 25 users, 1-2 public servers, max 4 vpns
506 = 25 - 50 users + some VPNs + 2-3 public servers
515R = 50-150 users + lots of VPNs + handful of public servers
515UR = 100-150 users + VPNs + failover
525  = 150 + users, more than 3 interfaces needed, + failover + Gigabit capability + >10Mb ISP/T3
535 = Enterprise/ISP/Hosing provider

>I know the UnRestricted has more throughput then the Restricted.
Not necessarily. Your throughput will be restricted by your T1/ISP connection, not by the PIX. If you have a single or even dual T1's, neither PIX will have any greater throughput than the other.

I would not hesitate to go with the 515e Restricted. As long as it comes with 64Mb RAM, you can even upgrade it to 7.0(1).
You can always upgrade to UNrestricted at any time in the future to add failover feature, etc with a simple RAM upgrade and new license key.

Go for it, dude!
0
 
Pentrix2Author Commented:
Thanks JFrederick29 and Irmoore for all the great inputs.  I would be purchasing the PIX 515R because my vpn tunnels are managed by Qwest and probably would stay like that forever.  I'll give you guys an update once I'm finished my PIX class and deploying it in my network.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now