Re: Disecting the Cisco PIX

[Kevin Steves <kevin () atomicgears com>]

On Tue, Jul 30, 2002 at 11:39:37AM -0500, Art Mason wrote:
> Out of curiosity, has anyone here ever cracked open any of the Cisco PIX
> series firewalls chassis?  From what I've gathered by reading up on
> their product information and by what people have said about them in
> various mailing lists and newsgroups,  they are actually built on an x86
> hardware platform w/ a Celeron 300MHz (PIX 506E) to Pentium III 1.0GHz
> (PIX 535) CPU and anywhere from 32MB to 1GB RAM .  I understand the
> storage media to be compact flash (4-16MB capacity) and on the low-end
> models w/ 10Mb throughput, they actually use an ISA NIC in the chassis. 

sh version will show processor type etc.

bilder# sh version

Cisco PIX Firewall Version 6.2(1)

Compiled on Wed 17-Apr-02 21:18 by morlee

bilder up 2 hours 42 mins

Hardware:   PIX-515, 32 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

> I've also read that the PIX doesn't support local logging (everything
> needs to be redirected to a syslog server).  Can anyone confirm any of
> this?  If so, why couldn't one just throw OpenBSD onto some flash media,

true on logging.  it can do TCP syslog though and has a log buffer
like IOS.

> drop a couple of Intel Pro100+ dual-port NICs in a 2U rackmount case,
> maybe offload some of the VPN stuff onto an ASIC-based encryption
> acceleration card, and save some big bucks, granted they know how to set
> up PF from the CLI?  This is just something I've been wondering about
> for a while, and was curious as to what others in the know had to say
> about it.  Thanks in advance.

maybe http://www.soekris.com/ for a hardware platform.

-- 
Kevin Steves     | kevin () atomicgears com
Atomic Gears LLC | http://www.atomicgears.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards