Data Sheet
Cisco Integrated
Firewall
Solutions
Cisco PIX Security Appliances, Cisco IOS Firewall, and the Firewall Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Networks are more critical than ever before. They provide a common infrastructure for converged data, voice, and video, and they support the business applications and processes organizations depend on to stay productive and competitive. Cisco Systems® understands the security challenges that organizations face today, and empowers its customers to safely engage in business by providing them with best in-class security solutions. Instead of only providing point products that set a base level of security, Cisco’s philosophy is to embed security throughout the network and integrate security services in all of its products—resulting in greater security, and making security a transparent, scalable, and manageable aspect of the business
infrastructure.
Cisco PIX® security appliances, the Cisco IOS® Advanced Security Feature Set, and the security services modules for Cisco Catalyst® 6500 Series switches and Cisco 7600 Series routers are integrated security solutions that best represent the Cisco security philosophy. Each of these products integrates comprehensive firewall, intrusion protection, and VPN technologies in a cost-effective, single-box format. Customers implementing these integrated solutions benefit from enhanced security, lower cost of ownership, and lower
operational costs—all resulting from the increased intelligence sharing of integrated security services in a single platform. Integrated Firewall Solutions to Meet Every Need
Cisco PIX security appliances, Cisco IOS Firewall, and the Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers are Cisco’s flexible integrated firewall solutions. Based on modular, scalable platforms, each offering is designed with a particular feature set, to better secure different network environments. These solutions can be independently deployed to secure specific areas of the network infrastructure, or can be combined for a layered, defense-in-depth approach following the design best practices described in the SAFE Blueprint from Cisco. Rounding out the integrated firewall solutions, Cisco provides a comprehensive security management product portfolio, ranging from Cisco IOS Software security features and embedded device managers to standalone management applications, helping to ensure that customers can effectively manage their Cisco security infrastructure investments.
Cisco PIX Security Appliances
The world-leading Cisco PIX Security Appliance Series is a family of specialized appliances that provide robust integrated network security services, including stateful inspection firewalling, VPNs, and inline intrusion protection (Figure 1). The Cisco PIX family ranges from compact, “plug-and-play” desktop firewalls for small and home offices to modular, carrier-class gigabit firewalls for the most demanding enterprise and service-provider environments. The Cisco PIX security appliance is the ideal solution for customers looking for a best-of-breed firewall, with state-of-the-art application and protocol inspection and complete multimedia and voice support. It is an excellent option for organizations whose security policies mandate the segregation of the security infrastructure, setting a clear demarcation between security and network operation.
Figure 1
Cisco PIX Security Appliance Portfolio
Note: Figure 1 provides general guidelines. Network environments should be scaled on applications requirements, not solely on the size of the network.
Built upon a hardened, purpose-built operating system that delivers rich security services, Cisco PIX security appliances provide the highest levels of security and have earned many industry evaluations and certifications, including Common Criteria Evaluation Assurance Level (EAL) 4 status, as well as ICSA Labs Firewall and IP Security (IPSec) certification. The appliances provide advanced security services for multimedia and voice standards, including H.323 versions 2-4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), allowing businesses to securely take advantage of the many benefits that converged data, voice, and video networks deliver.
Administrators can choose from several products that meet their operational requirements for remotely configuring, monitoring, and troubleshooting Cisco PIX security appliances. Administrators can manage Cisco PIX security appliances using a convenient command-line interface (CLI) through numerous methods, including Telnet, Secure Shell (SSH), or out-of-band via a console port. Alternatively, the Cisco PIX Device Manager (PDM) is a Web-based device configuration tool embedded within the appliances that enables users to graphically set up, configure, and monitor their Cisco PIX security appliances without requiring extensive knowledge of the CLI. In addition, several informative, real-time, and historical reports provide critical insight into usage trends, performance baselines, and security events. Secure communication allows efficient management of local or remote Cisco PIX security appliances. Cisco PIX security appliances also include robust auto-update capabilities, a set of revolutionary secure
Cisco PIX 501 Teleworker/SOHO
(1–20 users)
Cisco PIX 515E Medium Branch (100–999 users) Cisco PIX 525 Enterprise Edge Cisco PIX 535 Enterprise HQ Data Center Cisco PIX 525 Enterprise Branch (100–999 users) Cisco PIX 506E
Small Branch (20–99 users)
remote-management services that ensure firewall configurations and software images are kept up to date. In addition, Cisco PIX security appliances are supported by several configuration and monitoring tools available from
Cisco AVVID (Architecture for Voice, Video and Integrated Data) partners.
Table 1 summarizes the firewall performance of each Cisco PIX Security Appliance model.
Cisco IOS Firewall and the Advanced Security Feature Set
Cisco IOS Firewall is the stateful firewall component of the Cisco IOS Advanced Security Feature Set1, a security-specific option for Cisco IOS Software that integrates state-of-the-art firewall, leading VPN services, and intrusion protection capabilities onto the extensive Cisco IOS feature set (Figure 2). The Cisco IOS Advanced Security Feature Set runs on numerous Cisco IOS routers and represents the best option for customers of small and medium-sized offices looking to leverage their network infrastructures for security, while continuing to take advantage of Cisco IOS capabilities, including quality of service (QoS), multiprotocol, multicast, and advanced routing support. The Advanced IP Services Feature Set combines Cisco’s comprehensive voice-over-IP (VoIP) support with advanced security features, integrating data and voice services while maintaining the highest security levels. The Cisco IOS Advanced Feature Set is an ideal solution for small offices and teleworkers because it combines the best security functions with the rich Cisco IOS feature set in a single device, with the widest option of WAN and LAN interfaces.
Figure 2
Cisco IOS Firewall Portfolio
Note: Figure 2 provides general guidelines. Network environments should be scaled on the applications requirements, not solely on the size of the network.
Table 1 Cisco PIX Security Appliance Firewall Performance
Firewall Performance Cisco PIX 501: 60 Mbps
Cisco PIX 506E: 100 Mbps Cisco PIX 515E: 188 Mbps Cisco PIX 525: 330 Mbps Cisco PIX 535: 1.6 Gbps
1. The Cisco Advanced Security Feature Set has been introduced in IOS Software release 12.3 as part of a new IOS packaging strategy that simplifies Cisco IOS Software feature sets. Prior to IOS Software release 12.3, Cisco IOS Firewall was bundled in the Cisco IOS Firewall Feature Set. For more details on the new IOS packing please visit Cisco’s web site at:http://www.cisco.com/warp/public/732/releases/packaging/docs/pb.pdf
Cisco SOHO 90 Teleworker/SOHO (1–20 users) Cisco 830 Cisco 1700 Small Branch (20-99 users) Cisco 1760 Cisco 2600XM/2691 Medium Branch (100–999 users) Cisco 7x00 Enterprise Edge Cisco 3700 Enterprise Branch (>100 users)
The integrated Cisco IOS Firewall uses a sophisticated firewall engine capable of dynamically controlling traffic flows based on application-level intelligence, providing enhanced security for complex applications such as VoIP. Currently supported multimedia and voice protocols are H.323v2, SIP, SCCP, and RTSP. The Cisco IOS Firewall also incorporates an inline intrusion protection service that provides real-time monitoring, interception, and response to network misuse with 100 common attack and information-gathering intrusion detection signatures. Other security features include destination URL policy management; denial-of-service (DoS) detection and prevention; dynamic port mapping; Java applet blocking; VPN QoS support; real-time alerts; audit trails; policy-based multi-interface support; Network Address Translation (NAT); bidirectional NAT; dual NAT; flexible multiprotocol access lists for IP and non-IP traffic; time-based access lists; peer router authentication; extremely robust authentication,
authorization, and accounting (AAA) integrated with authentication proxy; per-user firewalls; and downloadable access lists.
Cisco IOS IPSec has earned industry evaluations and certifications such as Common Criteria EAL 4 and ICSA Labs IPSec certification.
The Cisco IOS Firewall can be managed using a convenient CLI through several methods, including Telnet, SSH, or out-of-band via a console port. Alternatively, the Cisco IOS Firewall can be configured and monitored using the Cisco Security Device Manager (SDM), an intuitive and secure Web-based device management tool embedded within the Cisco IOS firewalls. Cisco SDM simplifies device and security configuration through smart wizards to enable customers to quickly and easily deploy, configure, and monitor a Cisco IOS Firewall without requiring extensive knowledge of the Cisco IOS CLI. In addition, Cisco IOS Firewall incorporates AutoSecure, a feature introduced in Cisco IOS Software Release 12.3 that eliminates the complexity of securing a router by automating the configuration of security features and the removal of insecure features enabled by default. This new Cisco IOS Software feature simplifies the security process, enabling a rapid implementation of security policies and procedures to ensure secure networking services. Cisco IOS Firewall can also be configured and monitored using tools available from
Cisco AVVID partners.
Table 2 shows the firewall performance of different Cisco IOS router platforms running Cisco IOS Firewall.
FWSM for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
The Cisco FWSM is a high-speed, integrated firewall module for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers. The module provides the fastest firewall data rates in the industry—5 Gbps throughput, 100,000 connections per second (cps), and 1 million concurrent connections. Up to four FWSMs can be installed in the same chassis, providing an unmatched 20 Gbps of firewalling capacity per chassis. The FWSM can also be combined with Table 2 Cisco IOS Firewall Performance
Firewall Performance Cisco SOHO 90: 10 Mbps
Cisco 830: 10 Mbps Cisco 1710: 20 Mbps Cisco 1711: 20 Mbps Cisco 1712: 20 Mbps Cisco 1721: 20 Mbps Cisco 1751: 20 Mbps Cisco 1760: 20 Mbps Cisco 2611XM: 50 Mbps Cisco 2621XM: 50 Mbps Cisco 2651XM: 55 Mbps Cisco 2691: 200 Mbps1 Cisco 3725: 200 Mbps1 Cisco 3745: 200 Mbps1
other Cisco security service modules such as the Intrusion Detection Service Module (IDSM-2), IPSec VPN Service Module (VPNSM), and the Series Network Analysis Module (NAM-1 and NAM-2). This modular approach allows customers to leverage their existing switching and routing infrastructures at a low cost, while obtaining the highest performance available in the industry. The FWSM is an optimal solution for data centers, enterprise headends, and distribution points.
Installed inside a Cisco Catalyst 6500 Series switch or Cisco 7600 Series Internet Router, the FWSM allows any port on the device to operate as a firewall port and integrates stateful firewall security inside the network infrastructure. This becomes especially important where rack space is at a premium. The Cisco Catalyst 6500 emerges as the IP services switch of choice for customers requiring intelligent services such as firewall services, intrusion detection, and VPN, along with multilayer LAN, WAN, and MAN switching capabilities.
Figure 3
FWSM for Catalyst 6500 Series Switches and Cisco 7600 Series Routers
The FWSM is based on Cisco PIX technology and uses the same time-tested Cisco PIX operating system—a secure, real-time operating system. The FWSM offers a unique combination of performance and security on the same platform, using proven Cisco PIX technology for inspecting packets.
The Cisco FWSM is also supported by the Cisco PIX Device Manager (PDM) for configuration, monitoring, and troubleshooting. Additionally, the FWSM is supported by Cisco AVVID partners for configuration and monitoring. When to Deploy Each Cisco Integrated Firewall Solution
Cisco PIX security appliances, the Cisco IOS Firewall, and the FWSM all incorporate leading-edge firewall technologies and have many benefits and features in common; however, each solution has been specifically engineered for specific environments. The following tables show the similarities and differences of these solutions, and provide the general guidelines to help network designers decide when to deploy each solution and how to take maximum advantage of their individual capabilities.
Table 3 Features and Benefits Common to the Cisco PIX Security Appliance, Cisco IOS Firewall, and the Cisco FWSM
Feature Benefit
Stateful inspection firewalling
Provides robust network and application security by enforcing administrator-defined access control policies while performing deep packet inspection and tracking the state of all network communications.
Application and protocol inspection
Delivers enhanced application and protocol security by using specialized inspection engines capable of examining data streams at Layers 4-–.
Dynamic, per-user authentication and authorization
Provides flexible user authentication and authorization via integration with Cisco Secure Access Control Sever (ACS) using RADIUS and TACACS+ protocols, which allows for integration into numerous user databases, including Microsoft Active Directory, Microsoft Windows NT domains, LDAP directories, and one-time password systems.
Dynamic and static NAT and Port Address Translation (PAT)
Provides extensive NAT application and protocol support and protects internal network addresses from the outside, providing an additional level of security.
Content filtering Improves employee productivity through integration with leading third-party URL filtering solutions; supports URL filtering and blocks malicious Java applets.
Remote management Offers a wealth of remote-management methods for configuration, monitoring, and troubleshooting. Management solutions range from highly scalable, centralized management tools to integrated, Web-based management, to support for
remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog.
Administrative access control based on AAA
Provides granular control for administrative access based on the AAA services provided by the TACACS+ and RADIUS protocols. This allows administrators to enforce access policies to the level of what services and commands are allowed to each admin user or group. Multiple DMZ
support
Supports additional physical or virtual network interfaces that can provide protected access to servers (such as Web, e-mail, FTP, or DNS) on a shared network (DMZ).
Extensive multimedia support, including streaming video, streaming audio, and voice applications
Provides rich stateful inspection firewalling services for wide range of VoIP standards and other multimedia standards, allowing businesses to securely take advantage of the many benefits that converged data, voice, and video networks provide, such as improved productivity and competitive advantage.
DoS protection Provides several mechanisms to block and mitigate DoS attacks, such as TCP Intercept, TCP SYN cookies, DNS Guard, Flood Defender, Flood Guard, Mail Guard, and Unicast Reverse Path Forwarding (uRPF).
Secure dynamic routing
Supports Message Digest Algorithm 5 (MD5)-based and plain-text routing authentication for Routing Information Protocol (RIP) and Open Shortest Path First (OSPF), preventing route spoofing and various routing-based DoS attacks.
Table 4 When to Choose Cisco PIX Security Appliances Customer
Requirement Cisco PIX Security Appliance Benefit Purpose-built,
best-of-breed, “all-in-one” security appliance
Cisco PIX security appliances provide state-of-the-art integrated network security services, including stateful inspection firewalling, protocol and application inspection, VPNs, inline intrusion protection, and rich multimedia and voice security.
Dedicated device for enterprise headends and data centers
Cisco PIX security appliances are security-specialized and run a hardened, embedded operating system, eliminating the common security holes of general purpose operating systems, and providing an unmatched system of overall security.
Table 3 Features and Benefits Common to the Cisco PIX Security Appliance, Cisco IOS Firewall, and the Cisco FWSM (Continued)
Separated security infrastructure
Cisco PIX security appliances can be implemented as dedicated security systems, that providing advanced security features allow an effective segregation of the security infrastructure from the rest of the network.
High availability Cisco PIX security appliances can be deployed in pairs to provide stateful failover services that help to ensure resilient network protection for the most critical environments. The appliances configured as failover pairs continuously synchronize their connection state and device configuration data, and in the event of a system or network failure, network sessions are automatically transitioned between appliances, with absolute transparency to users.
Table 5 When to Choose Cisco IOS Firewall
Customer Requirement Cisco IOS Firewall Benefit One-box solution combining
powerful security, QoS, multiprotocol routing, integrated WAN interfaces, and voice application support
The Cisco IOS Advanced Security Feature Set provides a comprehensive, integrated security solution, including stateful packet filtering, intrusion detection and protection, per-user authentication and authorization, VPN capability, extensive QoS mechanisms, multiprotocol routing, voice application support, and integrated WAN interface support in one box.
Leverage network infrastructure for security
The Cisco IOS Firewall can be loaded on existing Cisco IOS routers, providing greater investment protection in the network infrastructure. Reusing the same hardware chassis and components not only reduces the cost of ownership, but also the costs of operation—the same management infrastructure can be used and no additional staff training is required.
Extensive VPN support integrated with firewalling in a single device
Deploying Cisco IOS Firewall with Cisco IOS encryption and QoS VPN features enables secure, low-cost transmissions over public networks. Cisco IOS Firewall provides the most extensive VPN support, including but not limited to Dynamic Multipoint VPN (DMVPN), IPSec stateful failover, Easy VPN Remote, Easy VPN Server, site-to-site VPNs, Advanced Encryption Standard (AES), VPN acceleration cards, Voice and Video-Enabled VPN (V3PN), and VPN QoS.
Table 6 When to Choose Cisco FWSM
Customer Requirement Cisco FWSM Benefit Large enterprise headends
and data centers
The Cisco FWSM provides the fastest firewall performance in the industry—5 Gbps throughput, 100,000 connections per second (cps), and 1 million concurrent connections. Up to four FWSMs can be deployed in the same chassis for a total of 20 Gbps of throughput. A single FWSM can support up to 2000 virtual interfaces (256 per context), and a single chassis can scale up to a maximum of 4096 VLANs. Leverage network and
switching infrastructure at the headend or data center
The FWSM can be deployed in existing Cisco Catalyst 6500 Series switches or Cisco 7600 Series routers, providing greater investment protection.
Table 4 When to Choose Cisco PIX Security Appliances (Continued) Customer
Figure 4 illustrates how Cisco integrated firewall solutions can be deployed together to secure an enterprise network.
Figure 4
How Cisco Integrated Security Solutions Secure Your Enterprise Network
Cisco Security Management Solutions
In addition to the embedded device managers on the Cisco Firewall Solutions, Cisco provides standalone security management applications for customers looking to manage beyond the 1-5 devices that the embedded managers are designed for.
Firewall virtualization A single FWSM can be partitioned into multiple virtual firewalls (security contexts). Up to 256 security contexts can be defined per module. This allows service providers and large enterprises to segregate different customers or functional areas over the same physical infrastructure. Virtual firewall support will be introduced with the Cisco FWSM 2.1 in Q4 CY2003.
High availability The FWSM can be deployed in pairs to provide intra- or interchassis stateful failover services that ensure resilient network protection for the most critical environments. Modules configured in failover mode continuously synchronize their connection state and device configuration data, and in the event of failure, modules failover with absolute transparency to users.
Table 6 When to Choose Cisco FWSM
Customer Requirement Cisco FWSM Benefit
Perimeter Router
Branch Office with Cisco IOS Firewall
Cisco FWSM or Cisco PIX Security Appliance SOHO
SOHO
Cisco PIX Security Appliance
Cisco IOS Firewall WAN/QoS
Cisco IOS Firewall V3PN/Multi-protocol
Headquarters
Branch Office with Cisco PIX Security Appliance
Cisco PIX Security Appliance
For customers looking for comprehensive security management, policy administration, monitoring, and analysis for Cisco Firewall Solutions, Cisco provides the CiscoWorks VPN/Security Management Solution (VMS). CiscoWorks VMS is an integral part of the SAFE Blueprint for enterprise network security, and protects the productivity of organizations by combining Web-based tools for configuring, monitoring, and troubleshooting VPNs, firewalls, and network- and host-based intrusion detection systems (IDSs). CiscoWorks VMS delivers VPN configuration management, firewall management, surveillance, device inventory, and software version management features from a single management console.
For customers looking to offer firewall managed services built on Cisco firewall solutions, Cisco offers the
Cisco IP Solution Center (ISC). Cisco ISC implements a business-centric, policy-level management model that allows customers to define high-level security policies, while the application of those policies to specific network devices is offloaded to the Cisco ISC software. The Cisco ISC Security Management Module provides full support for the provisioning and management of LAN-to-LAN VPN, remote-access VPN, EZ VPN, DMVPN, firewall, NAT, and QoS technologies for numerous Cisco security devices (Cisco IOS Firewall, Cisco PIX Security Appliance, and Cisco VPN 3000 Series Concentrator, for example).
Cisco also offers the CiscoWorks Security Information Management Solution (SIMS). With CiscoWorks SIMS, customers can manage a growing multivendor security infrastructure without increasing the size of existing security staff. CiscoWorks SIMS lets customers normalize, aggregate, correlate, and visualize the thousands of security alerts received every day from security devices and applications. CiscoWorks SIMS is available for ordering as a
software-only option that provides the flexibility to implement a multitier server architecture that is suitable for larger deployments; and as an appliance option, which consists of the CiscoWorks SIMS pre-installed on the Cisco 1160 hardware solution platform.
Product Ordering Information
Table 7 lists the product numbers for Cisco PIX security appliances, Cisco IOS routers, and the FWSM for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers.
Table 7 Product Ordering Information Product Number Description
PIX-501-BUN-K9 Cisco PIX 501 10-user bundle (chassis, latest Cisco PIX software, 10-user and Triple Data Encryption Standard [3DES] licenses, integrated 4-port 10/100 switch and 10/100 port) PIX-501-50-BUN-K9 Cisco PIX 501 50-user bundle (chassis, latest Cisco PIX software, 50-user and 3DES
licenses, integrated 4-port 10/100 switch and 10/100 port)
PIX-501-UL-BUN-K9 Cisco PIX 501 unlimited user bundle (chassis, latest Cisco PIX software, unlimited user and 3DES licenses, integrated 4-port 10/100 switch and 10/100 port)
PIX-501 Cisco PIX 501 chassis, software, 10-user license, integrated 4-port 10/100 switch and 10/100 port
PIX-501-SW-10 10-user license for Cisco PIX 501 PIX-501-SW-50 50-user license for Cisco PIX 501 PIX-501-SW-UL Unlimited user license for Cisco PIX 501
PIX-506E-BUN-K9 Cisco PIX 506E 3DES/AES bundle (chassis, software, two 10/100 ports, 3DES/AES license)
PIX-515E Cisco PIX 515E chassis only
PIX-515E-DC Cisco PIX 515E DC chassis only
PIX-515E-R-BUN Cisco PIX 515E restricted bundle (chassis, restricted software, two 10/100 ports, 32 MB RAM)
PIX-515E-R-DMZ-BUN Cisco PIX 515E DMZ bundle (chassis, restricted software, three 10/100 ports, 32 MB RAM) PIX-515E-UR-BUN Cisco PIX 515E unrestricted bundle (chassis, unrestricted software, two 10/100 ports,
64 MB RAM, VAC or VAC+)
PIX-515E-UR-FE-BUN Cisco PIX 515E unrestricted 6-port Fast Ethernet bundle (chassis, unrestricted software, six 10/100 ports, 64 MB RAM, VAC or VAC+)
PIX-515E-FO-BUN Cisco PIX 515E failover bundle (chassis, failover software, two 10/100 ports, 64 MB RAM, VAC or VAC+)
PIX-515E-FO-FE-BUN Cisco PIX 515E failover 6-port Fast Ethernet bundle (chassis, failover software, six 10/100 ports, VAC or VAC+)
PIX-515E-DC-R-BUN Cisco PIX 515E DC restricted bundle (chassis, restricted software, two 10/100 ports, 32 MB RAM)
PIX-515E-DC-UR-BUN Cisco PIX 515E DC unrestricted bundle (chassis, unrestricted software, two 10/100 ports, 64 MB RAM, VAC or VAC+)
PIX-515E-DC-FO-BUN Cisco PIX 515E DC failover bundle (chassis, failover software, two 10/100 ports, 64 MB RAM, VAC or VAC+)
PIX-515E-HW Cisco PIX 515E rack mount kit, console cable, failover serial cable
PIX-525 Cisco PIX 525 chassis only
PIX-525-DC Cisco PIX 525 DC chassis only
PIX-525-R-BUN Cisco PIX 525 restricted bundle (chassis, restricted software, two 10/100 ports, 128 MB RAM)
PIX-525-UR-BUN Cisco PIX 525 unrestricted bundle (chassis, unrestricted software, two 10/100 ports, 256 MB RAM, VAC or VAC+)
PIX-525-UR-GE-BUN Cisco PIX 525 unrestricted 2 Gigabit Ethernet + 2 Fast Ethernet bundle (chassis, unrestricted software, 2 Gigabit Ethernet + 2 10/100 ports, 256 MB RAM, VAC or VAC+) PIX-525-FO-BUN Cisco PIX 525 failover bundle (chassis, failover software, two 10/100 ports, 256 MB RAM,
VAC or VAC+)
PIX-525-FO-GE-BUN Cisco PIX 525 failover 2 Gigabit Ethernet + 2 Fast Ethernet bundle (chassis, failover software, 2 Gigabit Ethernet + 2 10/100 ports, VAC or VAC+)
PIX-535 Cisco PIX 535 chassis only
PIX-535-R-BUN Cisco PIX 535 restricted bundle (chassis, restricted software, two 10/100 ports, 512 MB RAM)
Table 7 Product Ordering Information (Continued) Product Number Description
PIX-535-UR-BUN Cisco PIX 535 unrestricted bundle (chassis, unrestricted software, two 10/100 ports, 1 GB RAM, VAC or VAC+)
PIX-535-FO-BUN Cisco PIX 535 failover bundle (chassis, failover software, two 10/100 ports, 1 GB RAM, VAC or VAC+)
PIX-535-HW Cisco PIX 535 rack mount kit, console cable, failover serial cable CISCOSOHO91-K9 Cisco SOHO 91 Ethernet Router
CISCOSOHO96-K9 Cisco SOHO 96 ADSL over ISDN Router
CISCOSOHO97-K9 Cisco SOHO 97 ADSL Router
CISCO831-K9 Cisco 831 Ethernet Router
CISCO836-K9 Cisco 836 ADSL over ISDN Router
CISCO837-K9 Cisco 837 ADSL Router
CISCO1710-VPN-M/K9 Dual-Ethernet Security Router VPN/FW/IDS 16 MB Flash/64 MB DRAM
CISCO1711-VPN/K9 Security access router with integrated 4-port switch, 10/100BASE-TX for WAN and analog modem backup
CISCO1712-VPN/K9 Security access router with integrated 4-port switch, 10/100BASE-TX for WAN and ISDN S/T backup
CISCO1721-VPN/K9 Cisco 1721 VPN bundle with VPN module, 64 MB DRAM, IP Plus/FW/3DES CISCO1751-VPN/K9 Cisco 1751 VPN bundle with VPN module, 64 MB DRAM, IP Plus/FW/3DES CISCO1760-VPN/K9 Cisco 1760 VPN bundle with VPN module, 64 MB DRAM, IP Plus/FW/3DES CISCO1760-V3PN/K9 Cisco 1760 VPN bundle with VPN module, 96 MB DRAM, IP Plus/VOX/FW/3DES C2611XM-2FE/VPN/K9 Cisco 2611XM/VPN bundle, AIM-VPN/BPII/2FE/IOS FW/IPSec 3DES, 128 MB DRAM C2621XM-2FE/VPN/K9 Cisco 2621XM/VPN bundle, AIM-VPN/BPII/2FE/IOS FW/IPSec 3DES, 128 MB DRAM C2651XM-2FE/VPN/K9 Cisco 2651XM/VPN bundle, AIM-VPN/BPII/2FE/IOS FW/IPSec 3DES, 128 MB DRAM C2691-VPN/K9 Cisco 2691 VPN bundle, AIM-VPN/EPII, plus FW/IPSEC 3DES, 128 MB DRAM C3725-VPN/K9 Cisco 3725 VPN bundle, AIM-VPN/EPII, plus IOS FW/IPSEC 3DES, 128 MB DRAM C3745-VPN/K9 Cisco 3745 VPN bundle, AIM-VPN/HPII, plus IOS FW/IPSEC 3DES, 128 MB DRAM NM-CIDS-K9 Cisco Intrusion Detection System Network Module for access routers
NM-CE-20G Cisco Content Engine Network Module with Firewall URL Filtering for access routers WS-SVC-FWM-1-K9 FWSM for Cisco Catalyst 6500
WS-SVC-FWM-1-K9 FWSM for Cisco Catalyst 6500 (spare)
SC-SVC-FWM-1.2-K9 Firewall Module Software for Cisco Catalyst 6500 SC-SVC-FWM-1.2-K9 Firewall Module Software for Cisco Catalyst 6500 (spare) Table 7 Product Ordering Information (Continued)
All part descriptions, part numbers, and prices of Cisco products can be accessed using the online Cisco Pricing Tool at:
http://www.cisco.com/cgi-bin/front.x/pricing
The Cisco Pricing Tool requires a user name and password. If you are not already registered, go to:
http://www.cisco.com/register
Follow the instructions. After you have registered, you may access the Cisco Pricing Tool. Additional Information
For more information, please visit the following links. Cisco PIX Security Appliance Series:
http://www.cisco.com/go/pix
Cisco IOS Firewall:
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/iofwft/index.shtml
Cisco Firewall Services Module:
http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/index.html
Cisco PIX Device Manager:
http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/index.html
Cisco Security Device Manager:
http://www.cisco.com/en/US/products/sw/secursw/ps5318/index.html CiscoWorks VMS: http://www.cisco.com/en/US/products/sw/cscowork/ps2330/index.html Cisco ISC: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4748/index.html CiscoWorks SIMS: http://www.cisco.com/en/US/products/sw/cscowork/ps5209/index.html
SAFE Blueprint from Cisco:
Corporate Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 European Headquarters
Cisco Systems International BV Haarlerbergpark Haarlerbergweg 13-19 1101 CH Amsterdam The Netherlands www-europe.cisco.com Tel: 31 0 20 357 1000 Fax: 31 0 20 357 1100 Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA
www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883
Asia Pacific Headquarters
Cisco Systems, Inc. Capital Tower 168 Robinson Road #22-01 to #29-01 Singapore 068912 www.cisco.com Tel: +65 6317 7777 Fax: +65 6317 7799
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the
C i s c o W e b s i t e a t w w w . c i s c o . c o m / g o / o f f i c e s
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden S w i t z e r l a n d • Ta i w a n • T h a i l a n d • Tu r k e y • U k r a i n e • U n i t e d K i n g d o m • U n i t e d S t a t e s • Ve n e z u e l a • Vi e t n a m • Z i m b a b w e