The Pix 515 Firewall was one of the cooler pieces of equipment I got to work with at my last job. It is the smaller of Cisco's PIX firewall devices (the other being the Pix 520). The unit is one rack unit tall and includes two Fast Ethernet interfaces. I had it sitting between a router that provided internet feed and a router that operated an eleven-location frame relay network. For some reason I'm drawing a complete blank for its umpteen features, some of which are:

Two PCI expansion slots
Can be plugged into an identical Pix and set up for failover
Supports up to six interfaces
Handles VPN with IPSEC (using TACACS for authentication), DMZs, NAT and many other abbreviations

It is set up using wonderful plain text, through a terminal or telnet. There is some sort of GUI 'Firewall Manager' for it that runs on NT but I never bothered to try it. Getting the thing to work boiled down to configuring your interfaces, then defining what traffic the interfaces could send to and receive from each other. Then you could define a NAT to allow inside users Internet access. Putting servers on the internet (Citrix, email, etc.) is super easy as well: you just create a "static" and a "conduit", which allow traffic to a certain IP address to be sent to a specific machine.
All of this is covered in its great instruction manual. I knew nothing about Cisco firewalls and had it doing a NAT in an hour or less (including the software upgrade).
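
The three steps described above (interfaces, NAT for inside users, then a "static" plus "conduit" to publish a server), as an added configuration sketch that is not from the original write-up. It assumes the classic PIX command syntax of that era; every address and the mail-server role are constructed for illustration.

```text
: Constructed example. Lines starting with a colon are comments.
: All addresses are documentation ranges chosen for illustration.
:
: 1. Name the two Fast Ethernet interfaces and give them security levels.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
:
: 2. NAT: inside hosts reach the Internet through a pool of outside addresses.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 203.0.113.100-203.0.113.120 netmask 255.255.255.0
:
: 3. Publish one inside server. The static maps a single outside address
:    to a single inside machine ...
static (inside,outside) 203.0.113.25 10.0.0.25 netmask 255.255.255.255
:    ... and the conduit admits only SMTP to that address, from any source.
conduit permit tcp host 203.0.113.25 eq smtp any
```

The static alone does not admit inbound traffic; the conduit does, so naming a single protocol and port in it keeps the published machine reachable only on that service.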

I think the thing cost just over $10,000, with a 65,000 connection license.

The first Pix we bought was actually bad. It would work until you put a severe load on it, then it would crash. For a few months, before it went into production, I was the only one who could access the Pix and the new Internet T1 from their desktop. (Everybody else was using a crappy 384k connection which was also handling the whole WAN, hehe.)
All I had to do to crash it was open up Newsbin; the thing just couldn't handle a whole T-1 worth of traffic. As per Cisco's tech support I got to open it up, which was neat. It's just a motherboard with an Intel Pentium 200 processor ("with MMX technology!"). We got a replacement from Cisco within a week.

A neat trick is adding more interfaces. If you want more connections on the Pix but already maxed out your budget, you can just throw an Intel 10/100 NIC in there. Power up and it grabs an IRQ, then off you go!!! You can probably add an Intel dual port server card, but I never tried it.
Cisco's tech support doesn't support this, since you're supposed to buy a Cisco NIC (which is probably Intel anyway). I never had any problems with it though.
