Cisco Pix 515 Firewall

(thing) by KernelPanic (6.4 y) (print) ? (I like it!) 1 C! Tue May 29 2001 at 15:33:26

The Pix 515 Firewall was one of the cooler pieces of equipment I got to work with at my last job. It is the smaller of Cisco's PIX firewall devices (the other being the Pix 520). The unit is one rack unit tall and includes two fast ethernet interfaces. I had it sitting between a router that provided internet feed and a router that operated an eleven location frame relay network. For some reason I'm drawing a complete blank for it's umpteen features, some of which are:

Two PCI expansion slots
Can be plugged into an identical Pix and set up for failover
Supports up to six interfaces
Handles VPN with IPSEC (using TACACS for authentication), DMZ's, NAT and many other abbrieviations

It is set up using wonderful plain text, through a terminal or telnet. There is some sort of GUI 'Firewall Manager' for it that runs on NT but I never bothered to try it. Getting the thing to work boiled down to configuring your interfaces then defining what traffic the interfaces could send/recieve from each other. Then you could define a NAT to allow inside users Internet access. Putting servers on the internet (Citrix, email, etc) is super easy as well, you just create a "static" and a "conduit" which allows traffic to a certain IP address to be sent to a specific machine.
All of this is covered in it's great instruction manual. I knew nothing about Cisco firewalls and had it doing a NAT in an hour or less (including the software upgrade).

I think the thing cost just over $10,000, with a 65,000 connection license.

The first Pix we bought was actually bad. It would work until you put a severe load on it, then it would crash. For a few months, before it went into production, I was the only one who could access the Pix and the new Internet T1 from their desktop. (everybody else was using a crappy 384k connection which was also handling the whole WAN, hehe)
All I had to do to crash it was open up Newsbin, the thing just couldn't handle a whole T-1 worth the traffic. As per Cisco's tech support I got to open it up, which was neat. It's just a motherboard with an Intel Pentium 200 processor ("with MMX technology!"). We got a replacement from Cisco within a week.

A neat trick is adding more interfaces. If you want more connections on the Pix but already maxed out your budget, you can just throw an Intel 10/100 NIC in there. Power up and it grabs an irq then off you go!!! You can probably add an Intel dual port server card, but I never tried it.
Cisco's tech support doesn't support this, since your supposed to buy a Cisco nic (which is probably intel anyway). I never had any problems with it though.

(thing) by oceanic (1.1 y) (print) ? (I like it!) 1 C! Fri Jun 01 2001 at 16:06:10

$10,000!!!!

Why not set up a Pentium 200-300 MHz machine with a 4 GB drive, two high quality Intel 10/100 network cards, and install linux on it with an ipchains or iptables firewall. Failover, VPN, mutiple interfaces, plain-text or GUI setup and complex routing can all be included.

Maximum cost: $1000

I mean, seriously Cisco, love your routers and switches, but $10,000 for a Pentium 200 with no special hardware in it! You have to be kidding!

By the way, yes, the NIC that you are supposed to buy from Cisco is in fact a rebadged off-the-shelf Intel 10/100 network card.

printable version
chaos

Internetwork Operating System	Cisco	The Fastest Clock in the Universe	DMZ
Frame Relay	IPsec	TACACS	Single Point Of Failure
NAT	NewsBin	EVA-04	101 Switching Protocols
MMX	RFC 3093	ZoneAlarm	firewall
OpenStep	Twiglets	Internet Security	filtering software
Fate sharing	IPChains	medical school	VPN

Y'know, if you log in, you can write something here, or contact authors directly on the site. Create a New User if you don't already have an account.

Login
Password

remember me
password reminder
register

Everything2 Help

Nodes to live by:
Romance Language
Art Spiegelman
Katharine Hepburn
I must escape the noose of my adult responsibility
The Holocaust
My first writeup
Discovery
King Kong
Why I love Larry Flynt
New Model Army
How to break a coconut
On the Arts and Sciences to be Studied
Behind the scenes at a supermarket produce department

sitaraika
Colours	(idea)
etouffee
Wild tides guard her secrets	(poetry)
Lord Brawl
Dr. Horrible's Sing-Along Blog	(review)
a8ksh4
regret	(idea)
Heisenberg
Editor Log: July 2008	(log)
sam512
halfway homes, catacombs, twilight zones	(fiction)
Timeshredder
The Texas UFO Crash of 1897	(event)
Heitah
The Dark Knight	(review)
ignis_glaciesque
Uppsala	(place)
ignis_glaciesque
diffusion of responsibility	(idea)
TheOrientalAfrican
The Soft Meadow of my Childhood	(event)
BookReader
The Dragon Slayers	(fiction)
kohlcass
religiously fashionable	(review)
Pavlovna
waulking song	(thing)
tentative
Stick Man	(poetry)

This page courtesy of The Everything Development Company