Datasheet
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 12
Features Benefit
Purpose-Built Security
Appliance
●
Uses a proprietary, hardened operating system that eliminates the security risks associated
with general-purpose operating systems
●
Combines Cisco product quality with no moving parts to provide a highly reliable security
platform
Fast Ethernet Expansion
Options
●
Supports easy installation of additional network interfaces two PCI expansion slots
●
Supports expansion cards including single-port Fast Ethernet and four-port Fast Ethernet
cards
Hardware VPN
Acceleration
●
Delivers high speed VPN services through the addition of either a VPN Accelerator Card
(VAC) or a VPN Accelerator Card+ (VAC+)—Unrestricted (UR), Failover (FO) and Failover-
Active/Active (FO-AA) models have integrated hardware VPN acceleration services
Integration with Leading
Third-Party Solutions
●
Supports the broad range of Cisco Technology Developer partner solutions that provide URL
filtering, content filtering, virus protection, scalable remote management, and more
Industry Certifications and
Evaluations
●
Earned numerous leading industry certifications and evaluations, including:
Common Criteria Evaluated Assurance Level 4 (EAL4)
Corporate RSSP Category
Network Equipment Building Standards (NEBS) Level-3 Compliant
Advanced Firewall Services
Stateful Inspection Firewall
●
Provides wide-range of perimeter network security services to prevent unauthorized network
access
●
Delivers robust stateful inspection firewall services which track the state of all network
communications
●
Provides flexible access-control capabilities for more than 100 predefined applications,
services, and protocols, with the ability to define custom applications and services
●
Supports inbound/outbound ACLs for interfaces, time-based ACLs, and per-user/per-group
policies for improved control over network and application usage
●
Simplifies management of security policies by giving administrators the ability to create re-
usable network and service object groups that can be referenced by multiple security policies,
simplifying initial policy definition and ongoing policy maintenance
Advanced Application and
Protocol Inspection
●
Integrates 30 specialized inspection engines that provide rich application control and security
services for protocols such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol
(FTP), Extended Simple Mail Transfer Protocol (ESMTP), Domain Name System (DNS),
Simple Network Management Protocol (SNMP), Internet Control Message Protocol (ICMP),
SQL*Net, Network File System (NFS), H.323 Versions 1-4, Session Initiation Protocol (SIP),
Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), GPRS
Tunneling Protocol (GTP), Internet Locator Service (ILS), Sun Remote Procedure Call (RPC),
and many more
Modular Policy Framework
●
Provides a powerful, highly flexible framework for defining flow- or class-based policies,
enabling administrators to identify a network flow or class based on a variety of conditions,
and then apply a set of customizable services to each flow/class
●
Improves control over applications by introducing ability to have flow- or class-specific
firewall/inspection policies, QoS policies, connection limits, connection timers, and more
Security Contexts
●
Enables creation of multiple security contexts (virtual firewalls) within a single Cisco PIX
Security Appliance, with each context having its own set of security policies, logical interfaces,
and administrative domain
●
Supports one licensed level of security contexts: 5 (maximum number of security contexts
supported based on model of Cisco PIX Security Appliance)
●
Provides businesses a convenient way of consolidating multiple firewalls into a single physical
appliance or failover pair, yet retaining the ability to manage each of these virtual instances
separately
●
Enables service providers to deliver resilient multi-tenant firewall services with a pair of
redundant appliances
Layer 2 Transparent
Firewall
●
Supports deployment of a Cisco PIX Security Appliance in a secure Layer 2 bridging mode,
providing rich Layer 2—7 firewall security services for the protected network while remaining
“invisible” to devices on each side of it
●
Simplifies Cisco PIX Security Appliance deployments in existing network environments by not
requiring businesses to re-address the protected networks
●
Supports creation of Layer 2 security perimeters by enforcing administrator defined Ethertype-
based access control policies for Layer 2 network traffic
Multi-Vector Attack
Protection
●
Provides wealth of advanced attack protection services to defend businesses from many
popular forms of attacks, including denial-of-service (DoS) attacks, fragmented attacks, replay
attacks, and malformed packet attacks
●
Delivers advanced TCP stream reassembly and traffic normalization services to assist in
detecting hidden application and protocol layer attacks
●
Integrates with Cisco Network Intrusion Prevention System (IPS) solutions to identify and
dynamically block or shun hostile network nodes