Скачать презентацию
Идет загрузка презентации. Пожалуйста, подождите
Презентация была опубликована 10 лет назад пользователемЭдуард Фрунзе
1 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA Lesson 4 Cisco PIX Firewall Family
2 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA Objectives
3 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA Objectives Upon completion of this lesson, you will be able to perform the following tasks: Identify the PIX Firewall models. Describe the key features of the PIX 501, 506E, 515E, 525, and 535 Firewall. Identify the PIX 501, 506E, 515E, 525, and 535 Firewall controls, connectors, and LEDs. Identify the PIX 501, 506E, 515E, 525, and 535 Firewall interfaces. Identify the PIX Firewall expansion cards. Explain the PIX Firewall licensing options.
4 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA Objectives (Cont.) Describe the key features of the Firewall Services Module for the Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Router. Identify the switch and router slots in which the Firewall Services Module can be installed. Identify and describe LEDs that display the status of the Firewall Services Module.
5 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall Models
6 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA SMB Price Functionality Gigabit Ethernet PIX Firewall Family Enterprise ROBO PIX Firewall 515E PIX Firewall 525 PIX Firewall 535 SOHO PIX Firewall 501 PIX Firewall 506E SP
7 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 501 Designed for small offices and teleworkers 7500 concurrent connections 60-Mbps clear text throughput 16-Mbps SDRAM Supports one 10/100BASE-T* Ethernet interface (outside) and a 4-port 10/100 switch (inside) VPN throughput –3-Mbps 3DES –4.5-Mbps 128-bit AES 10 simultaneous VPN peers *100BASE-T speed option is available in release 6.3.
8 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 501Front Panel LEDs VPN tunnel Power 100 Mbps Link/act
9 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 501Back Panel Security lock slot Power connector 10/100BASE-T (RJ-45) Console port (RJ-45) 4-port 10/100 switch (RJ-45)
10 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 506E Designed for small and remote offices 25,000 concurrent connections 100-Mbps clear text throughput 32-MB RAM Supports two interfaces (10/100BASE-T)* VPN throughput –17-Mbps 3DES –30-Mbps 128-bit AES 25 simultaneous VPN peers *100BASE-T speed option is available in release 6.3 for 506E only.
11 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 506EFront Panel LEDs Network LED Active LED Power LED
12 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 506EBack Panel LINK LED Console port (RJ-45) Power switch ACT(ivity) LED 10/100BASE-T (RJ-45) 10/100BASE-T (RJ-45) ACT(ivity) LED LINK LED USB port
13 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 515E Designed for small to medium businesses 130,000 concurrent connections 188-Mbps clear text throughput 32/64-MB RAM Supports six interfaces Supports failover VPN throughput –140-Mbps 3DES (VAC+) –140-Mbps 256-bit AES (VAC+) 2,000 IPSec tunnels
14 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 515EFront Panel LEDs Network LED Power LED Active failover firewall
15 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 515EBack Panel Expansion slots Fixed interfaces
16 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 515EFixed Interface Connectors Failover connector FDX LED LINK LED 100 Mbps LED FDX LED Console port (RJ-45) 10/100BASE-T Ethernet 1 (RJ-45) Power switch LINK LED 100 Mbps LED 10/100BASE-TX Ethernet 0 (RJ-45) LINK LED
17 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 515EExpansion Slot Option Cards VAC VAC+4 FE - 66 Fast Ethernet VPN Accelerator 1FE Expansion Slots
18 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 515EFE Card Port Numbering PIX Firewall 515E option cards require the UR license. Single-port card Quad-port card
19 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 525 Designed for enterprise 280,000 concurrent connections 330-Mbps clear text throughput 128/256-MB RAM Supports eight interfaces Supports failover VPN throughput 155-Mbps 3DES (VAC+) 170-Mbps 256-bit AES (VAC+) 2,000 IPSec tunnels
20 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 525Front Panel LEDs Power LED Active LED
21 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 525 Back Panel Expansion slots Fixed interfaces
22 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 525Fixed Interface Connectors 100 Mbps LED ACT(ivity) LED LINK LED LINK LED Failover connection 10/100BASE-TX Ethernet 1 (RJ-45) USB port Console port (RJ-45) 10/100BASE-TX Ethernet 0 (RJ-45)
23 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 525Expansion and VAC Cards VPN Accelerator card Gigabit Ethernet card Fast Ethernet cards
24 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 535 Designed for enterprise and service providers 500,000 concurrent connections 1.7-Gbps clear text throughput 1-GHz Intel Pentium III processor 512/1000-MB RAM Maximum of 10 interfaces Supports failover VPN throughput –440-Mbps 3DES (VAC+) – bit AES (VAC+) 2,000 IPSec tunnels
25 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 535Front Panel LEDs Power ACT
26 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA Bus 1 Bus 0 (64-bit/66-MHz) Bus 2 (32-bit/33-MHz) PIX Firewall 535Back Panel Slots Slots Console RJ-45 USB port DB-15 failover
27 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 535Option Cards VAC VAC+ 1GE 1GE FE - 66 Gigabit EthernetFast Ethernet VPN Accelerator 1FE 4 FE (EOS)
28 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 535Back Panel DB-15 failover Slot 8 Slot 7 Slot 6 Slot 5 Slot 4 Slot 3 Slot 2Slot 1 Slot 0Console RJ-45 USB port
29 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall Licensing
30 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA License Types UnrestrictedAllows installation and use of the maximum number of interfaces and RAM supported by the platform RestrictedLimits the number of interfaces supported and the amount of RAM available within the system FailoverPlaces the PIX Firewall in a failover mode for use alongside another PIX Firewall with an unrestricted license Applies to PIX Firewall 515/515E, 525, and 535
31 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall 515E, 525, and 535 License Comparison Table Maximum accounts for the requirement of two physical interfaces and maximum number of VLANs in any PIX Firewall. Model515E Restricted Maximum physical368 Maximum VLANs346 Maximum568 RAM Unrestricted Maximum physical6810 Maximum VLANs81022 Maximum RAM642561,000
32 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA VPN Encryption License DES license Provides 56-bit DES 3DES/AES license –Provides 168-bit 3DES –Provides up to 256-bit AES Applies to PIX Firewall Family
33 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA Firewall Services Module
34 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA FWSM Designed for high-end enterprise and service providers Runs in Cisco Catalyst 6500 Series switches and 7600 Series routers Based on PIX Firewall technology PIX Firewall 6.0 feature set (some 6.2) 1 million simultaneous connections Over 100,000 connections per second 5-Gbps throughput 1-GB DRAM Supports 100 VLANs Supports failover
35 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA FWSM in the Catalyst 6500 Switch Supervisor engine Redundant supervisor engine Switching modules Fan assembly Power supply 1 Power supply 2 ESD ground strap connector FWSM
36 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA FWSM in the Cisco 7609 Internet Router OSMs Redundant supervisor engine FWSM Fan assembly Power supply 1 Power supply 2 Switch Fabric Module Supervisor engine Redundant Switch Fabric Module ESD ground strap connection Slots 1-9 (right to left)
37 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA Summary
38 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA Summary There are currently five PIX Firewall models in the 500 series: 501, 506E, 515E, 525, and 535. The PIX Firewall models 501, 506E, 515E, 525, and 535 come equipped with Ethernet connections, console connections, and intuitive LEDs. PIX Firewall models 515E, 525, and 535 support failover. Your PIX Firewall license determines the PIX Firewalls level of service in your network and the number of interfaces it supports.
39 © 2004, Cisco Systems, Inc. All rights reserved. CSPFA Summary (Cont.) Restricted, unrestricted, and failover licenses are available for PIX Firewall models 515E, 525, and 535. Based on PIX Firewall technology, the Firewall Services Module for the Cisco Catalyst 6500 Switches and Cisco 7600 Series Internet Routers provides an alternative to the PIX Firewall appliance. FWSM supports the PIX Firewall Software Release 6.0 feature set as well as some of the 6.2 feature set. FWSM delivers multigigabit throughput and 1 million concurrent connections.
Еще похожие презентации в нашем архиве:
© 2024 MyShared Inc.
All rights reserved.