Solved

need help selecting a PIX 515e

Posted on 2006-10-23
5
298 Views
Last Modified: 2010-04-11
I am looking at purchasing a PIX 515e.
I'm a little awash in the available options. Perhaps someone can help with some advice or informative links. I am looking at Cisco's website so i know what the abbreviations stand for but i'm not sure which ones i need.

I have a small business with a static ip, a DSL Netopia router, a SBS server and a standard 2003 server.
I need a firewall with VPN capability.
Also DMZ capability would be nice. Not sure if this is only available with DMZ option.
Not sure how licensing and Smartnet support works and if it is necessary.
I would like to host my own website, FTP, and mail server.

Thanks in advance.

FO
FE
BUN
AA
R/UR
DMZ
DC
DES
0
Comment
Question by:ArkAdmin
  • 3
  • 2
5 Comments
 
LVL 7

Expert Comment

by:instillmotion
ID: 17790588
The environment you describe doesn't need more than a pix 506. It will save you some money, and  even though it only has an outside and inside interface you can still do dmz because it supports 2 vlans on the inside interface:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b13.html
Off course it supports vpn as well and any everything you need for your above described setup.
Ebay has some great deals. I have 2 of those running for the past 2 yrs without any issues.

If you insist on the higher end 515.

You will require DMZ, because it will include an additional interface for that purpous. You don't require FO unless you want to have a active/failover setup, where you need to buy an additioanl failover pix firewall.  Same thing you don't require AA unless you want to have a active/active setup, requiring a second pix as well for load balancing and failover. You might want the UR unrestricted license, but you can probably do without.

Although a restricted PIX typically supports fewer concurrent connections through the firewall, it is not a problem in most cases because even the lower-end restricted PIX 515 will support 50,000 concurrent users.
A restricted PIX typically comes with about half of the RAM of an unrestricted PIX.

DES/3DES option. Depends what type of encryption you need. Most new PIXes are sold with DES encryption only and you can then submit a request to upgrade to 3DES free of charge upon signing their encryption license agreement. This can be done online at www.cisco.com





0
 

Author Comment

by:ArkAdmin
ID: 17791052
It looks like the 506 will work for me.

How is the 506E different?

How do I know if i need the unrestricted license?

Does the 506 require VPN client licenses? I am looking at a couple new/nearly new and/or refurbed 506's on ebay. Is there anything I need to watch out for regarding licensing, unlocking, etc?

Thanks.
0
 
LVL 7

Accepted Solution

by:
instillmotion earned 500 total points
ID: 17791345
In terms of standalone functionality, you will find the 506E can support pretty much all the same features that a 515 would support. It actually runs the same software, so software functionality is there.
However the 506 is limited to 2 interfaces, you cannot set it up in a failover scenario, the chassis is smaller, though rack mountable, the power supply outlet is less (heavy duty).
On a pix 501 0r 506 the license is always considered restricted however what you want to look for is the DES/3DES encryption:
"Software Licenses
3DES/AES and DES Encryption Licenses
The Cisco PIX 506E Security Appliance has two optional encryption licenses-one license (PIX-506-SW-3DES) enables 168-bit 3DES and up to 256-bit AES encryption, the other license (PIX-VPN-DES) enables 56-bit DES encryption. Both are available either at the time of ordering the Cisco PIX 506E Security Appliance, or can be obtained subsequently through Cisco.com. Note that an encryption license must be installed to activate encryption services which are required before using certain features including VPN and secure remote management."

I would go for the 3DES license as the encryption is a lot more secure than DES.

A good example of a 506 I would purchase is:
http://cgi.ebay.com/Cisco-PIX-506-3DES-FIREWALL-64MB-UNLIMITED-6-3-5-501_W0QQitemZ130039564220QQihZ003QQcategoryZ64019QQssPageNameZWDVWQQrdZ1QQcmdZViewItem

In terms of client license, by virtue of owning a pix you are entitled to use the client software to my knowledge.
However if you don't already have access to the software you will not be able to download it from the cisco website without a support contract.
However a quick search on google will find several locations where you can download the latest version: ie: http://www1.umn.edu/adcs/help/vpn/
0
 

Author Comment

by:ArkAdmin
ID: 17791454
thx for the 101 on 506e.
i also found the modified rack shelf for the 506 form factor.
0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17791505
You're welcome, thx for the points.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IPSec/L2TP 25 36
Monitor Bandwidth throughput in Fortigate 100D 1 35
Bandwidth issues? 5 42
Reverse DND setup 6 38
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question