Firewall Wizards mailing list archives
RE: PIX firewall licensing and beyond (newbie)
From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 7 Sep 2005 13:49:35 -0400
1. That depends on how much bandwidth you'll actually use and what you're doing with the PIX. If, for example, the actual pipe is a frac T3 burstable to 45Mbps and your servers are going to pass primarily TCP traffic across the PIX, a 515E is a fine choice. Want to do large volume VPN tunnels or use the full 100Mb link for sustained periods, you may be looking for something bigger.

2. There's no more licensing for 3DES/AES. Any PIX can get a key free from Cisco, and anything you buy new should come with it. The big choice you're looking at is R-BUN vs. UR-BUN. If you only need 2-3 interfaces, are just sticking tens of servers behind it (and not an office full of users), and don't need fail-over, then the R-BUN is perfect for you. Otherwise, UR-BUN.

3. Nope. PIX OS is PIX OS no matter the model. (unless it's 7.x)

4. Depends on the model, but the 515E comes with at least 2 ports but can be configured for 3, 4, or 6 interfaces as well. You buy either 1-port (1FE) cards, or a 4-port card (4-FE). Remember that 4 or 6 interfaces requires a UR license.

5. I probably shouldn't give VAR/reseller names on-list. But at the end of the day, everybody that resells Cisco is subject to the same availability issues and delivers the same products. And if the only support you buy is Cisco SmartNet, then you get all of your support from them also. Shop on price is my advice. Or call Cisco. If it's a big enough order (a handful of 515E's won't qualify), they'll gladly hand over the lead to a channel partner who's going to get stuck with a tiny margin because Cisco brought them the lead and wants the sale. This works especially well if it's a scenario where the Cisco products are up against another competitor (like Juniper or Symantec). :-)

6. Cisco's website is actually pretty good as a support/reference resource. Better than most. Also, this list's archives.

And before you get too far into your new firewall, I recommend:

http://www.enterastream.com/whitepapers/cisco/pix/pix-practical-guide.html

If nothing else it's a good introduction to the PIX paradigm, if you will.

PaulM

-----Original Message-----
Subject: [fw-wiz] PIX firewall licensing and beyond (newbie)

I come from a linux admin background and have an assignment to set up a pix firewall. This is new territory and will be my first time playing with pix os instead of iptables. Please excuse my newb questions, but we all start somewhere. :-)

1. Which model? Our servers are in a co-location with a 100mbit drop. Would that make the 515E the right choice if we actually want to make use of our bandwidth? The pix becomes the bottleneck?

2. I'm a little uneasy about the licensing. What are the typical features I should make sure that are included (e.g., 3DES)? What should I watch out for.

3. I read somewhere that vlan support is only in pix os 6.3. Is vlan support also based on which model I'm using, or do all pix firewall models have this feature?

4. How many physical ports do the pix firewalls typically come with? It seems like it's 2: one uplink, one downlink. I can already think of 3 security levels that I want my servers separated into. Does that mean I have to buy expansion slots? Or should I use VLANs instead?

5. Any recommendations on a location to order the pix firewall and licensing from? Good deals, good support, etc.

6. Any recommendations on some online reading that will help with implementing the pix firewall? It would help to see some example network layouts to get a better idea of how the components should be pieced together.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards