The Pix 515 Firewall was one of the cooler pieces of equipment I got to work with at my last job. It is the smaller of Cisco's PIX firewall devices (the other being the Pix 520). The unit is one rack unit tall and includes two fast ethernet interfaces. I had it sitting between a router that provided internet feed and a router that operated an eleven location frame relay network. For some reason I'm drawing a complete blank for its umpteen features, some of which are:
Two PCI expansion slots
Can be plugged into an identical Pix and set up for failover
Supports up to six interfaces
for authentication), DMZ and many other abbreviations
It is set up using wonderful plain text, through a terminal. There is some sort of GUI 'Firewall Manager' for it that runs on NT but I never bothered to try it. Getting the thing to work boiled down to configuring your interfaces then defining what traffic the interfaces could send/receive from each other. Then you could define a NAT to allow inside users Internet access. Putting servers on the internet (Citrix, etc) is super easy as well, you just create a "static" and a "conduit" which allows traffic to a certain IP address to be sent to a specific machine.
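
As an added illustration (not part of the original writeup), this is roughly what that sequence looks like at the PIX command line of that era: interfaces, NAT for inside users, then a static plus a conduit publishing one server. All addresses are constructed documentation ranges, and TCP 1494 is assumed as the Citrix ICA port.

```text
: Added example, constructed values. Lines starting with a colon are comments.
: 1. Name the two interfaces and give each a security level and an address.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0

: 2. Let inside users out: translate every inside host to a pool of
:    outside addresses (NAT id 1 ties the nat and global lines together).
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 203.0.113.20-203.0.113.30 netmask 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

: 3. Publish one inside server. The static maps a fixed outside address
:    to the inside machine; on its own it lets nothing in from outside.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0

: 4. The conduit is what actually permits inbound traffic. Keep it to the
:    one published host and the one port the service needs (1494 assumed
:    for Citrix ICA) instead of permitting ip to the whole address.
conduit permit tcp host 203.0.113.10 eq 1494 any
```

Replacing the trailing `any` with a known source network and mask narrows who can reach the published server.
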
All of this is covered in its great instruction manual. I knew nothing about Cisco firewalls and had it doing a NAT in an hour or less (including the software upgrade).
I think the thing cost just over $10,000, with a 65,000 connection license.
The first Pix we bought was actually bad. It would work until you put a severe load on it, then it would crash. For a few months, before it went into production, I was the only one who could access the Pix and the new Internet T1 from their desktop. (Everybody else was using a crappy 384k connection which was also handling the whole WAN.) All I had to do to crash it was open up Newsbin; the thing just couldn't handle a whole T-1 worth of traffic. As per Cisco's tech support I got to open it up, which was neat. It's just a motherboard with an Intel Pentium 200 processor ("with MMX technology!"). We got a replacement from Cisco within a week.
A neat trick is adding more interfaces. If you want more connections on the Pix but already maxed out your budget, you can just throw an Intel in there. Power up and it grabs an IRQ then off you go!!! You can probably add an Intel dual port server card, but I never tried it.
Cisco's tech support doesn't support this, since you're supposed to buy a Cisco NIC (which is probably Intel anyway). I never had any problems with it though.