need help selecting a PIX 515e

Posted on 2006-10-23
Last Modified: 2010-04-11
I am looking at purchasing a PIX 515e.
I'm a little awash in the available options. Perhaps someone can help with some advice or informative links. I am looking at Cisco's website so I know what the abbreviations stand for, but I'm not sure which ones I need.

I have a small business with a static IP, a DSL Netopia router, an SBS server and a standard 2003 server.
I need a firewall with VPN capability.
Also DMZ capability would be nice. Not sure if this is only available with DMZ option.
Not sure how licensing and Smartnet support works and if it is necessary.
I would like to host my own website, FTP, and mail server.

Thanks in advance.

Question by:ArkAdmin

Expert Comment

The environment you describe doesn't need more than a PIX 506. It will save you some money, and even though it only has an outside and inside interface you can still do DMZ because it supports 2 VLANs on the inside interface:
Of course it supports VPN as well, and everything you need for your above-described setup.
eBay has some great deals. I have had 2 of those running for the past 2 yrs without any issues.

If you insist on the higher-end 515:

You will require DMZ, because it will include an additional interface for that purpose. You don't require FO unless you want to have an active/failover setup, where you need to buy an additional failover PIX firewall. Same thing: you don't require AA unless you want to have an active/active setup, requiring a second PIX as well for load balancing and failover. You might want the UR unrestricted license, but you can probably do without.

Although a restricted PIX typically supports fewer concurrent connections through the firewall, it is not a problem in most cases because even the lower-end restricted PIX 515 will support 50,000 concurrent users.
A restricted PIX typically comes with about half of the RAM of an unrestricted PIX.

DES/3DES option. Depends what type of encryption you need. Most new PIXes are sold with DES encryption only and you can then submit a request to upgrade to 3DES free of charge upon signing their encryption license agreement. This can be done online at


Author Comment

It looks like the 506 will work for me.

How is the 506E different?

How do I know if I need the unrestricted license?

Does the 506 require VPN client licenses? I am looking at a couple of new/nearly new and/or refurbed 506s on eBay. Is there anything I need to watch out for regarding licensing, unlocking, etc.?


Accepted Solution

instillmotion earned 500 total points
In terms of standalone functionality, you will find the 506E can support pretty much all the same features that a 515 would support. It actually runs the same software, so software functionality is there.
However, the 506 is limited to 2 interfaces, you cannot set it up in a failover scenario, the chassis is smaller (though rack mountable), and the power supply outlet is less heavy duty.
On a PIX 501 or 506 the license is always considered restricted; however, what you want to look for is the DES/3DES encryption:
"Software Licenses
3DES/AES and DES Encryption Licenses
The Cisco PIX 506E Security Appliance has two optional encryption licenses-one license (PIX-506-SW-3DES) enables 168-bit 3DES and up to 256-bit AES encryption, the other license (PIX-VPN-DES) enables 56-bit DES encryption. Both are available either at the time of ordering the Cisco PIX 506E Security Appliance, or can be obtained subsequently through Note that an encryption license must be installed to activate encryption services which are required before using certain features including VPN and secure remote management."

I would go for the 3DES license as the encryption is a lot more secure than DES.

A good example of a 506 I would purchase is:

In terms of client license, by virtue of owning a PIX you are entitled to use the client software, to my knowledge.
However, if you don't already have access to the software, you will not be able to download it from the Cisco website without a support contract.
However, a quick search on Google will find several locations where you can download the latest version, i.e.:

Author Comment

Thx for the 101 on 506e.
I also found the modified rack shelf for the 506 form factor.

Expert Comment

You're welcome, thx for the points.
