Feature |
Benefit |
Enterprise-Class
Security
|
|
Reliable, purpose-built security appliance |
¡P Uses a
proprietary, hardened operating
system that eliminates security
risks associated with general
purpose operating systems
¡P Combines Cisco
product quality with no moving
parts to provide a highly
reliable security platform
|
Stateful inspection firewall |
¡P Provides
perimeter network security to
prevent unauthorized network
access
¡P Uses
state-of-the-art Cisco Adaptive
Security Algorithm for robust
stateful inspection firewall
services
¡P Provides flexible
access-control capabilities for
over 100 predefined
applications, services and
protocols, with the ability to
define custom applications and
services
¡P Simplifies
management of security policies
by giving administrators the
ability to create re-usable
network and service object
groups which can be referenced
by multiple security policies,
thus simplifying initial policy
definition and on-going policy
maintenance
|
Advanced application and protocol inspection |
¡P Integrates over
two dozen specialized inspection
engines for protocols such as
Hypertext Transfer Protocol
(HTTP), File Transfer Protocol
(FTP), Simple Mail Transfer
Protocol (SMTP), Domain Name
System (DNS), Simple Network
Management Protocol (SNMP),
SQL*Net, Network File System
(NFS), H.323 Versions 1-4,
Session Initiation Protocol
(SIP), Cisco Skinny Client
Control Protocol (SCCP),
Real-Time Streaming Protocol
(RTSP), Internet Locator Service
(ILS), and many more
|
Cisco Easy VPN Remote (hardware VPN client) |
¡P Enables
dramatically simplified VPN
rollouts to small
office/teleworker environments
by eliminating the provisioning
complexities of traditional
site-to-site VPN deployments
¡P Downloads VPN
policy dynamically from a Cisco
Easy VPN Server upon connection,
ensuring the latest corporate
security policies are enforced
¡P Provides robust
client-side VPN resiliency with
support for up to 10 Cisco Easy
VPN Servers with automatic
failover, in addition to Dead
Peer Detection (DPD) support
¡P Supports optional
authentication of individual
users behind a Cisco PIX
Security Appliance through an
easy-to-use, Web-based interface
with support for standard and
one-time passwords (including
authentication tokens)
¡P Extends VPN reach
into environments using NAT or
PAT, via support of Internet
Engineering Task Force (IETF)
UDP-based draft standard for NAT
traversal
¡P Supports both
split and non-split tunneling
environments
¡P Provides
intelligent, transparent DNS
proxy capabilities for access to
both corporate and public DNS
servers
|
Cisco Easy VPN Server |
¡P Provides remote
access VPN concentrator services
for up to 10 remote software or
hardware-based VPN clients
¡P Pushes VPN policy
dynamically to Cisco Easy VPN
Remote-enabled solutions (such
as the Cisco VPN Client) upon
connection, ensuring the latest
corporate security policies are
enforced
¡P Supports
award-winning Cisco VPN Client
on multiple platforms including
Microsoft Windows
98/ME/NT/2000XP, Sun Solaris,
Intel-based Linux distributions,
and Apple Macintosh OS X
(available separately)
|
Site-to-site VPN |
¡P Supports IKE and
IPSec VPN industry standards
¡P Extends networks
securely over the Internet by
ensuring data privacy/integrity
and strong authentication with
remote networks
¡P Supports 56-bit
DES, 168-bit 3DES, and up to
256-bit AES data encryption to
ensure data privacy
|
Intrusion prevention |
¡P Provides
protection from over 55
different types of popular
network-based attacks ranging
from malformed packet attacks to
denial-of-service (DoS) attacks
¡P Integrates with
Cisco Network Intrusion
Detection System (IDS) sensors
to identify and dynamically
block/shun hostile network nodes
|
Authentication, authorization, and accounting (AAA) support |
¡P Integrates with
popular AAA services via TACACS+
and RADIUS
¡P Provides tight
integration with Cisco Secure
Access Control Server (ACS) for
user/administrator
authentication, dynamic
per-user/group policies, and
administrator access privileges
|
X.509 certificate and CRL support |
¡P Supports
SCEP-based enrollment with
leading X.509 solutions from
Baltimore, Entrust, Microsoft,
and VeriSign
|
Integration with leading third-party solutions |
¡P Supports the
broad range of Cisco AVVID
(Architecture for Voice, Video
and Integrated Data) partner
solutions that provide URL
filtering, content filtering,
virus protection, scalable
remote management, and more
|
Integrated security lock slot |
¡P Provides ability
to physically secure the Cisco
PIX 501 Security Appliance using
a standard notebook security
cable lock (lock not included)
|
Industry certifications and evaluations |
¡P Earned numerous
leading industry certifications
and evaluations, including:
¡P Common Criteria
Evaluated Assurance Level 4
(EAL4)
¡P
ICSA Labs Firewall
4.0 Certification, Corporate
RSSP Category
|
Robust Small Office
Networking
|
|
Integrated 4-port 10/100 switch |
¡P Provides
convenient, high-speed
networking environment for small
office environments in a single
compact platform
¡P Auto-MDIX support
eliminates the need to use
crossover cables with devices
connected to the switch
|
DHCP client/server |
¡P Obtains IP
address for outside interface of
appliance automatically from
service provider
¡P Provides IP
addresses to devices on inside
network of the appliance
¡P Delivers "zero
touch provisioning" of Cisco IP
Phones via automated
bootstrapping of CallManager
contact information through DHCP
server extensions
|
DHCP relay |
¡P Forwards DHCP
requests from internal devices
to an administrator-specified
DHCP server, enabling
centralized distribution,
tracking and maintenance of IP
addresses
|
NAT/PAT support |
¡P Provides dynamic,
static, and policy-based NAT, as
well as PAT services
¡P Allows multiple
users to share a single
broadband connection using a
single public IP address
|
PAT for IPSec |
¡P Supports IPSec
passthrough services, enabling a
single device behind the Cisco
PIX Security Appliance to
establish a VPN tunnel through
the firewall to a VPN peer
|
PPPoE support |
¡P Ensures
compatibility with networks that
require PPP over Ethernet
(PPPoE) support
|
Rich Management
Capabilities
|
|
CiscoWorks VMS |
¡P Provides a
comprehensive management suite
for large scale Cisco security
product deployments
¡P Integrates policy
management, software
maintenance, and security
monitoring in a single
management console
|
Cisco PIX Device Manager (PDM) |
¡P Intuitive,
Web-based GUI enables simple,
secure remote management of
Cisco PIX Security Appliances
¡P Provides wide
range of informative, real-time,
and historical reports which
give critical insight into usage
trends, performance baselines,
and security events
|
Auto Update |
¡P Provides "touchless"
secure remote management of
Cisco PIX Security Appliance
configuration and software
images via a unique push/pull
management model
¡P Next-generation
secure XML/HTTPS management
interface can be leveraged by
Cisco and third party management
applications for remote Cisco
PIX Security Appliance
configuration management,
inventory, software image
management/deployment, and
monitoring
¡P Supports
dynamically addressed appliances
in addition to firewalls with
static IP addresses
¡P Integrates
seamlessly with Management
Center for Firewalls and Auto
Update Server for robust,
scalable remote management of up
to 1000 Cisco PIX Security
Appliances (per management
server)
|
Cisco PIX command-line interface |
¡P Allows customers
to use existing Cisco IOS CLI
knowledge for easy installation
and management with little
additional training needed
¡P Accessible
through variety of methods
including console port, Telnet,
and SSH
|
Command-level authorization |
¡P Gives businesses
the ability to create up to 16
customizable administrative
roles/profiles for managing a
Cisco PIX Security Appliance
(for example, monitoring only,
read-only access to
configuration, VPN
administrator, firewall/NAT
administrator, etc.)
¡P Leverages either
the internal administrator
database or outside sources via
TACACS+, such as Cisco Secure
Access Control Server (ACS)
|
SNMP and syslog support |
¡P Provide remote
monitoring and logging
capabilities, with integration
into Cisco and third-party
management applications
|
¡@