Pix 535 Firewall

Cisco PIX (Private Internet Exchange) is a popular IP firewall and network address translation (NAT) appliance, also one of the first products in this market segment. Image File history File links No higher resolution available. ... Image File history File links No higher resolution available. ... The Internet protocol suite is the set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. ... This article is about the network security device. ... In computer networking, Network Address Translation (NAT, also known as Network Masquerading, Native Address Translation or IP Masquerading) is a technique of transceiving network traffic through a router that involves re-writing the source and/or destination IP addresses and usually also the TCP/UDP port numbers of IP packets... Computer appliance are software devices that provide a narrow range of functions that are generally run on a hardware platform of their own. ...

In 2005, Cisco introduced the newer Adaptive Security Appliance (ASA), that inherited much of PIX features, and in 2008 annouced PIX end-of-sale.

The PIX technology is also sold in a blade, the FireWall Services Module (FWSM), for the Cisco Catalyst 6500 switch series and the 7600 Router series. In computing marketing-speak, the term blade designates a standardised module which one can plug in to a computer system - after the manner of a changeable blade in a kitchen appliance. ...

History

PIX was originally conceived in March 1994 by John Mayes of Redwood City, California and coded by Brantley Coiles of Athens, Georgia. The PIX name is derived from Coiles' aim of creating the functional equivalent of an IP PBX to solve the then-burgeoning registered IP address shortage. At a time when NAT was just being investigated as a viable approach, he wanted to conceal a block or blocks of RFC 1918 IP addresses behind a single or multiple registered IP addresses, much like PBX's do for internal phone extensions. When he began, RFC 1631 was being discussed, but the now-familiar RFC 1918 had not yet been submitted. PBX redirects here. ... An IP address (Internet Protocol address) is a unique address that certain electronic devices currently use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP)—in simpler terms, a computer address. ... It has been suggested that RFC 1918 be merged into this article or section. ...

The design, and testing were carried out in 1994 by John Mayes, Brantley Coile^[1] and Johnson Wu of Network Translation, Inc., with Brantley Coile being the sole software developer. As a side note, it was developed in a lab that was mainly running the Plan 9 operating system from Bell Labs. Beta testing was completed and first customer acceptance was on December 21, 1994 at KLA Instruments in San Jose, California. The PIX quickly became one of the leading enterprise firewall products and was awarded the Data Communications Magazine "Hot Product of the Year" award of 1994.^[1] Plan 9 is an operating system descended from Unix and developed by Bell Laboratories. ... Bell Laboratories (also known as Bell Labs and formerly known as AT&T Bell Laboratories and Bell Telephone Laboratories) was the main research and development arm of the United States Bell System. ... is the 355th day of the year (356th in leap years) in the Gregorian calendar. ... Year 1994 (MCMXCIV) The year 1994 was designated as the International Year of the Family and the International Year of the Sport and the Olympic Ideal by the United Nations. ...

After Cisco acquired Network Translation in 1995, Brantley hired four long time associates: Jim Jordan, Tom Bohannon, and Richard Howes and Pete Tenereillo (both who worked for NTI prior to the acquisition). Together they developed Finesse OS and the original version of the Cisco PIX Firewall, now known as the PIX "Classic". During this time, the PIX shared most of its code with another Cisco product, the LocalDirector. After Cisco acquired Global Internet Software Group in 1997, the PIX was sold alongside GISG's Windows NT-based softwall firewall product, known as the Cisco Centri firewall, until 2000. ^[2] Cisco may refer to: Cisco Systems, a computer networking company Cisco IOS, an internet router operating system CISCO Security Private Limited, a security company in Singapore Commercial and Industrial Security Corporation, a statutory board in Singapore Abbreviation for San Francisco, California Cisco (wine) The Cisco Kid, a fictional character created... Cisco LocalDirector is a server load balancing appliance based on the Network Address Translation (NAT) technology Cisco Systems acquired when they bought Network Translation, Inc. ...

At the same time, Coiles went on to develop ATA over Ethernet (AoE) and founded Coraid company. ATA over Ethernet (AoE) is a network protocol developed by Coraid, Inc. ... Coraid, Inc. ...

Adaptive Security Appliance (ASA)

In May 2005, Cisco introduced the Adaptive Security Appliance (ASA) which combines functionality from the PIX, VPN 3000 series and IDS product lines. The ASA series of devices run PIX code 7.0 and later. Through PIX OS release 7.x the PIX and the ASA use the same software images. Beginning with version PIX OS version 8.x, the operating system code diverges, with the ASA using a Linux kernel and PIX continuing to use the traditional Finesse/PIX OS combination.^[3] An Intrusion Detection System (or IDS) generally detects unwanted manipulations to systems. ...

End-of-Life

On January 28, 2008, Cisco announced the end-of-sale and end-of-life dates for Cisco PIX Security Appliances, software, accessories, and licenses. The last day for purchasing Cisco PIX Security Appliance platforms and bundles will be July 28, 2008. The last day to purchase accessories and licenses will be January 27, 2009. It is important to note that Cisco will continue to support Cisco PIX Security Appliance customers through July 27, 2013.^[4] End-of-life is a term used with respect to a retailed product, indicating that a vendor will not be doing the following: marketing, selling, promoting or limit support of a particular product. ...

Description of operation

The PIX runs a custom-written proprietary operating system originally called Finesse (Fast InterNEt Server Executive), but now the software is known simply as PIX OS. It is classified as a network layer firewall with stateful inspection, although technically the PIX would more precisely be called a Layer 4, or Transport Layer Firewall, as its access is not restricted to Network Layer routing, but socket based connections (a port and an IP Address - Port communications occur at Layer 4). By design it allows internal connections out (outbound traffic), and only allows inbound traffic that is a response to a valid request or is allowed by an Access Control List (ACL) or a conduit. The PIX can be configured to perform many functions including network address translation (NAT) and port address translation (PAT), as well as being a virtual private network (VPN) endpoint appliance. An operating system (OS) is the software that manages the sharing of the resources of a computer and provides programmers with an interface used to access those resources. ... A network layer firewall works as a packet filter by deciding what packets will pass the firewall according to rules defined by the administrator. ... In computing, a stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) travelling across it. ... In computer security, an access control list (ACL) is a list of permissions attached to an object. ... In computer networking, Network Address Translation (NAT, also known as Network Masquerading, Native Address Translation or IP Masquerading) is a technique of transceiving network traffic through a router that involves re-writing the source and/or destination IP addresses and usually also the TCP/UDP port numbers of IP packets... It has been suggested that this article or section be merged with Port forwarding. ... VPN redirects here. ...

The PIX was the first commercially available firewall product to introduce protocol specific filtering with the introduction of the "fixup" command. The PIX "fixup" capability allows the Firewall to apply additional security policies to connections identified as using specific protocols. Two protocols for which specific fixup behaviors were developed are DNS and SMTP. The DNS fixup originally implemented a very simple but effective security policy; it allowed just one DNS response from a DNS server on the Internet (known as outside interface) for each DNS request from a client on the protected (known as inside) interface. "Fixup" has been superseded by "Inspect" on later versions of PIX OS.

The Cisco PIX was also one of the first commercially available security appliances to incorporate IPSec VPN gateway functionality. IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. ...

The PIX can be managed by a command line interface (CLI) or a graphical user interface (GUI). The CLI is accessible from the serial console, telnet and SSH. GUI administration was introduced with version 4.1, and it has been through several incarnations: PIX Firewall Manager (PFM) for PIX OS versions 4.x and 5.x, which runs locally on a Windows NT client; PIX Device Manager (PDM) for PIX OS version 6.x, which runs over https and requires Java; and Adaptive Security Device Manager (ASDM) for PIX OS version 7 and greater, which can run locally on a client or in reduced-functionality mode over HTTPS.^{[5] [6] [7]} This article or section does not adequately cite its references or sources. ... GUI redirects here. ... SSH redirects here. ... https is a URI scheme used to indicate a secure HTTP connection. ... Java language redirects here. ...

As the PIX is an acquired product, the CLI was originally not aligned with the Cisco IOS syntax. Starting with version 7.0, the configuration is much more IOS-like. As the PIX only supports IP traffic (as opposed to IPX, DECNet, etc.), in most configuration commands 'ip' is omitted. The configuration is upwards compatible, but not downwards. When a 5.x or 6.x configuration is loaded on a 7.x platform, the configuration is automatically converted to 7.x formatting. This allows for an easy migration from PIX to ASA. PIX OS v7.0 is only supported on models 515, 515(E), 525 and 535. Although the 501 and 506E are relatively recent models, the flash memory size of only 8 MB prevents support of version 7.x, although rumors suggest that 7.0 can be installed on a 506E (see external links). For the PIX 515(E), a doubling of the memory size is required (32->64 MB for restricted and 64->128MB for Unrestricted/Failover licenses). Cisco IOS (originally Internetwork Operating System) is the software used on the vast majority of Cisco Systems routers and all current Cisco network switches. ... See also Ericsson IPX Internetwork Packet Exchange (IPX) is the OSI-model Network layer protocol in the IPX/SPX protocol stack. ... DECnet is a proprietary suite of network protocols created by Digital Equipment Corporation, originally released in 1975 in order to connect two PDP-11 minicomputers. ... A USB flash drive. ...

Description of hardware

The PIX is constructed using Intel-based/Intel-compatible motherboards. Nearly all PIXes use Ethernet NIC's with Intel network chipsets, but some older models are occasionally found with 3COM 3c590 and 3c595 Ethernet cards, Olicom-based Token-Ring cards, and Interphase-based FDDI cards. Both the PIX 510 and 520 share basic components, such as motherboard, chassis, NIC's, flash cards, etc, with the Cisco LocalDirector 416/420/430 and the Cisco Service Selector Gateway 6510 (SSG-6510), though each runs a different operating system. The PIX boots off a proprietary ISA flash memory daughtercard in the case of the PIX Classic, 10000, 510, 520, and 535, and it boots off integrated flash memory in the case of the PIX 501, 506/506e, 515/515e, 525, and WS-SVC-FWM-1-K9. Intel Corporation (NASDAQ: INTC, SEHK: 4335), founded in 1968 as Integrated Electronics Corporation, is an American multinational corporation that is best known for designing and manufacturing microprocessors and specialized integrated circuits. ... Ethernet is a large, diverse family of frame-based computer networking technologies that operate at many speeds for local area networks (LANs). ... Diagram of a motherboard chipset A chipset is a group of integrated circuits, or chips, that are designed to work together, and are usually marketed as a single product. ... 3Com (NASDAQ: COMS) is a manufacturer best known for its computer network infrastructure products. ... The Cisco SSG-6510 was a device that allows dynamic direction of IP traffic to various services. ... Bootstrapping alludes to a German legend about a Baron Münchhausen, who was able to lift himself out of a swamp by pulling himself up by his bootstraps. ... This article does not cite any references or sources. ... A USB flash drive. ... A daughterboard or daughtercard is a circuit board meant to be an extension or daughter of a motherboard (or mainboard), or occasionally another card. ...

The PIX technology implemented in the FWSM, for the Catalyst 6500 and the 7600 Router, has a part code of WS-SVC-FWM-1-K9.

Specifications of past and present models

Current models

CPU redirects here. ... Advanced Micro Devices, Inc. ... AMD 5x86-P75 The AMD 5x86 processor is an x86-compatible CPU introduced in 1995 by AMD for use in 486-class computer systems. ... The Celeron brand refers to a range of Intels x86 CPUs for budget/value personal computers. ... The Celeron brand refers to a range of Intels x86 CPUs for budget/value personal computers. ... Pentium III logo The Pentium III is an x86 (more precisely, an i686) architecture microprocessor by Intel, introduced on February 26, 1999. ... Pentium III logo The Pentium III is an x86 (more precisely, an i686) architecture microprocessor by Intel, introduced on February 26, 1999. ... The Pentium 4[1] brand refers to Intels single-core mainstream desktop and laptop CPUs introduced on November 20, 2000[2] (August 8, 2008 is the date of last shipments of Pentium 4s[3]). They had the 7th-generation architecture - called NetBurst - which was the companys first all... The Celeron brand refers to a range of Intels x86 CPUs for budget/value personal computers. ... For other uses, see IBM (disambiguation) and Big Blue. ... // Network Processor A Network Processor is an integrated circuit which has a feature set specifically targeted at the networking application domain. ... Intel i440BX The Intel 440BX, also known as the i440BX, is a chipset from Intel, supporting Pentium II, Pentium III, and Celeron processors. ... Broadcom Corporation is a leading American supplier of integrated circuits (ICs) for broadband communications. ... This is a list of computer motherboard chipsets made by Intel. ... RAM redirects here. ... 10BASE-T cable 10BASE-T plug 10BASE-T is an implementation of Ethernet which allows stations to be attached via twisted pair cable. ... 100BASE-TX is the predominant form of Fast Ethernet, providing 100 Mbit/s Ethernet. ... For other meanings of PCI, see PCI (disambiguation). ... Failover is the capability to switch over automatically to a redundant or standby computer server, system, or network upon the failure or abnormal termination of the previously active server, system, or network. ...

Discontinued models

---Information on models supported as of 6/27/2005 verified from Cisco's PIX Brochure (page 2) and the specific product pages CPU redirects here. ... Intel Corporation (NASDAQ: INTC, SEHK: 4335), founded in 1968 as Integrated Electronics Corporation, is an American multinational corporation that is best known for designing and manufacturing microprocessors and specialized integrated circuits. ... This article does not cite any references or sources. ... Intel Corporation (NASDAQ: INTC, SEHK: 4335), founded in 1968 as Integrated Electronics Corporation, is an American multinational corporation that is best known for designing and manufacturing microprocessors and specialized integrated circuits. ... The Pentium Pro is a sixth-generation x86 architecture microprocessor (P6 core) produced by Intel and was originally intended to replace the original Pentium in a full range of applications, but later, was reduced to a more narrow role as a server and high-end desktop chip. ... This article is about the computer processor instruction set. ... This article is about the computer processor instruction set. ... Intel Pentium II Logo The Pentium II is an x86 architecture microprocessor by Intel, introduced on May 7, 1997. ... A megahertz (MHz) is one million (106) hertz, a measure of frequency. ... RAM redirects here. ... This article is about a unit of data. ... IBM token ring refers to IBMs implementation of token ring technology for linking personal computers in a local area network (LAN). ... In computer networking, fiber-distributed data interface (FDDI) is a standard for data transmission in a local area network that can extend in range up to 200 km (124 miles). ... 1000BASE-SX is a fiber optic gigabit Ethernet standard. ... Failover is the capability to switch over automatically to a redundant or standby computer server, system, or network upon the failure or abnormal termination of the previously active server, system, or network. ...

Performance specifications

---Information on models supported as of 6/27/2005 verified from Cisco's PIX Brochure (page 2) and the specific product pages In data communications, cleartext is the form of a message or data which is transferred or stored without cryptographic protection. ... In communication networks, throughput is the amount of digital data per time unit that is delivered over a physical or logical link, or that is passing through a certain network node. ... A megabit per second (mbps or mbit/s) is a unit of data transmission equal to 1,000 kilobits per second or 1,000,000 bits per second. ... The Data Encryption Standard (DES) is a cipher (a method for encrypting information) selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976, and which has subsequently enjoyed widespread use internationally. ... In cryptography, Triple DES (also 3DES) is a block cipher formed from the Data Encryption Standard (DES) cipher. ... In cryptography, the Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. ... In cryptography, the Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. ... In computer security, an access control list (ACL) is a list of permissions attached to an object. ... A Virtual Private Network, or VPN, is a private communications network usually used within a company, or by several different companies or organizations, communicating over a public network. ...

List of part numbers for PCI and ISA expansion cards

• Flash cards
  • ??? - 512 kB ISA flash card used in the PIX Classic and 10000.
  • ??? - 2 MB ISA flash card used in the PIX Classic, 10000, 510, and 520, as well as the SSG-6510 and many LocalDirectors.
  • PIX-FLASH-16MB - 16 MB ISA flash card for the PIX 510, 520, and 535.
• Ethernet cards
  • PIX-1GE-66 - 64 bit/66 MHz 1000baseSX card for PIX 53x. Based on the Intel Pro/1000-F fiber network card using the INTEL TL82543GC (Intel code name "Livengood") ASIC (PWLA8490sx[77]). The 1000baseT variant of this card, the Intel Pro/1000-t Server adapter (PWLA8490t[78]), is not supported by PIX OS, due to Carrier Extension [79] interoperability problems with early 1000baseT switch products [80].
  • PIX-1GE - 32 bit/33 MHz 1000baseSX card for PIX 52x. Based on the Intel PWLA8490 Pro/1000 fiber network card with the 82542 (Intel code name "Wiseman") chipset. The ASIC used on this card is the LSI L2A1157/695314-003. [81]. There is no 1000baseT variant of this card. In the release notes for PIX OS 6.02, Cisco advises against installing this card in the 525 and 535 [82], referencing caveat CSCdu00850, although this caveat actually only lists the PIX 535, which is the only model with a 66 MHz PCI bus.[83]
  • PIX-4FE-66 - 64 bit/66 MHz Four port 10/100 Fast Ethernet card. Based on the Intel 82559 chipset. Uses a DEC 21154BE bridge chip.
  • PIX-4FE - 32 bit/33 MHz Four port 10/100 Fast Ethernet card. Based on the Intel 82558b chipset. Uses an Intel 21154AC or DEC 21154AB bridge chip. All PIX-4FE's are identified as "mcwa" cards when the PIX boots. It is unclear what "mcwa" stands for.
  • PIX-1FE - 32 bit/33 MHz One port 10/100 Fast Ethernet card. Based on the Intel Pro/100+ family with the 82557, 82558 and 82559 chipsets. All PIX-1FE's and a few other non-Cisco-branded Intel cards are identified as "mcwa" cards when the PIX boots. It is unclear what "mcwa" stands for.
  • ??? - 3COM 3c590 and 3c595 PCI NIC's found in PIX Classic, 510, 515, and 520. Mentioned in version 4.4.1 install guide and supported through at least PIX OS 5.1.5 [84]. Since these are off-the-shelf PC components predating the creation of the PIX, there may not be PIX-specific part numbers for these at all.
• VPN/Encryption acceleration cards
  • PIX-VAC-PLUS - 64 bit/66 MHz IPSec Hardware VPN Accelerator Card. Supported by the 515, 515e, 520, 525, and 535 running PIX OS 6.3(1) or higher. Accelerates DES, 3DES, and AES. Part number 74-3176-01. Uses BCM5823KPB-5 chip.
  • PIX-VPN-ACCEL - 32 bit/33 MHz IPSec Hardware VPN Accelerator Card. Accelerates DES and 3DES.
  • PIX-PL2 - 32 bit/33 MHz PIX Private Line proprietary DES encryption card (discontinued and unsupported from PIX OS 6.0.1 on).
• FDDI and Token Ring cards
  • PIX-1TR - 32 bit/33 MHz 4/16 Mbit/s PCI Token Ring card based on the Olicom OC-3137/PE-67597 (discontinued and unsupported from PIX OS 6.0.1 on).
  • PIX-FDDI - 32 bit/33 MHz 100 Mbit/s SC duplex PCI FDDI card based on the Interphase 5511 FDDI card (PB05511-002). It was discontinued and unsupported from PIX OS 6.0.1 on.

This article is about the computer bus type. ... Gigabit Ethernet (GbE) is a term describing various technologies for transmitting Ethernet packets at a rate of a gigabit per second, as defined by the IEEE 802. ... Gigabit Ethernet (GbE) is a term describing various technologies for transmitting Ethernet packets at a rate of a gigabit per second, as defined by the IEEE 802. ... Digital Equipment Corporation was a pioneering American company in the computer industry. ... 3Com (NASDAQ: COMS) is a manufacturer best known for its computer network infrastructure products. ... IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. ... IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. ... The Data Encryption Standard (DES) is a cipher (a method for encrypting information) selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976, and which has subsequently enjoyed widespread use internationally. ... Encrypt redirects here. ... IBM token ring refers to IBMs implementation of token ring technology for linking personal computers in a local area network (LAN). ... In computer networking, fiber-distributed data interface (FDDI) is a standard for data transmission in a local area network that can extend in range up to 200 km (124 miles). ...

Footnotes

^  Brantley Coile now operates Coraid, which designs and manufactures Network-attached storage
^  The "inside" port is connected to an internal, unmanaged, auto-polarity 4 port switch.
^  Restricted package / Unrestricted package limits (referred to by Cisco as R and UR/FO/FO-AA, respectively). For PIX-525, RAM configurations above 384MB are not supported by Cisco however up to 3x 256MB work for a maximum of 768MB.
^  According to Cisco, the 1000baseSX card is not officially supported by the 515/515e, but it will work.
^  VAC acceleration vs VAC+ (in parenthesis) acceleration (Implies Unrestricted package).
^  Older 520's made before February 2000 and with a serial number less than 18025677 shipped with a 2 MB flash card. Newer 520's shipped with a 16 MB flash card [85].
^  The WS-SVC-FWM-1-K9 blade has no fixed ports or internal expansion; it makes use of either VLAN interfaces (being used by physical interfaces on a remote switch) or the physical interfaces on the switch/router it is installed in.
^  PIX Classic firewalls with a serial number of 06002015 or lower came with 512k flash. Newer models came with 2 MB flash [86].
^  The WS-SVC-FWM-1-K9 blade only supports IPSec VPN for management. It doesn't have the ability to terminate a VPN connection for remote users.
^  The PIX 520 received updated PII processors as they became available, starting with the PII 233 and ending with the PII 350. The Intel-manufactured SE440BX-2 ATX motherboard in the 520 can support any Slot1 processor from the Celeron Covington, Celeron Mendocino, Pentium II Klamath, Pentium II Deschutes, and the Pentium III Katmai families, as long as the cpu's use 2.0v core voltage and can run on a 66 or 100 MHz fsb. You may also use 133 MHz FSB cpu's, but they will run at slower speeds, for example a 933 MHz cpu for 133 MHz FSB will only run at 700 MHz. A slotket can also be used to install the newer 500 MHz - 1.1 GHz Socket 370 Pentium III Coppermine cpu's, as long as the slotket provides a voltage regulator and manual bus speed selector. Using the PowerLeap PL-iP3 converter, also Tualatin processors can be used. A BIOS upgrade to the latest level of the SE440-BX2 is required. Using the bus-speed settings on the Powerleap, speeds of 1.6 GHz are possible.
Some PIX 520 Firewalls may use the Intel AL440LX motherboard instead of the SE440BX-2. The AL440LX may be replaced by a SE440BX-2 or similar motherboard, but the BIOS needs to be re-configured to support booting without keyboard connected.
^  Cannot be easily upgraded, due to clearance issues with the top cover.
^  In early 2005, Cisco indicated that PIX OS 7.x would only support the 515, 515e, 525, and 535, while a "stripped-down" version would eventually be released for the 501 and 506e. While not officially supported, it is actually possible to update the 506E to 7.x code by removing all GUI management software.
^  Running the highest possible PIX OS version requires the use of the PIX-FLASH-16MB flash card, as the 5.2 through 6.3 train won't fit on a 512KB or 2 MB flash card.
^  Shows flash chips on the 2 MB flash card versus the chips on the 16 MB flash card.
^  Various models of the 525 use different flash chips, probably due to differing production runs.
^  Shows flash chips on the 512KB flash card versus the chips on the 2 MB flash card.
^  While the PIX 535 boots off of the same ISA flash card as some PIX 510's and 520's (the PIX-FLASH-16MB) its newer on-board PIX BIOS (version 4.x) overrides the PIX BIOS on the flash card (version 3.6) at boot.
^  Since both the 510 and 520 have standard ATX motherboards, the PCI slot count can be higher or lower than the default if the motherboard is replaced with a different one.
^  The performance figures cited here are highly changeable, as one can upgrade the CPU in the PIX 520 to a 1 GHz Pentium III, which will considerably increase its throughput in all of the below categories, putting it on a level with the 525 and 535.
^  According to a 2002 field notice, 525's with serial numbers 44480380055 through 44480480044 were manufactured with erroneous eeprom information in their 82559 chips that caused the onboard FastEthernet ports to behave erratically when set to full-duplex. Starting with PIX OS 5.3.1, the "eeprom update" command will reprogram the defective data and restore normal operation permanently. Viewing the field notice requires registration [87]. Most, if not all, 525's in use today within that range have likely been corrected, but an unused or unopened unit within that range would still need the corrective action to be taken.
^  It is theoretically possible to upgrade the Socket 8 Pentium Pro processor in the PIX Classic and 10000 with either an Intel Pentium II Overdrive (300 or 333 MHz depending on the system bus speed)[88] or a Powerleap PL-Pro/II Celeron adapter[89], both of which are long out of production. The Powerleap adapter natively can allow use of a 300 - 533 MHz Mendocino Celeron PPGA processor. Coupled with the Powerleap Neo S370 FC-to-PPG adapter, one can use a 533 - 766 MHz FC-PGA Coppermine-128 Celeron processor. However, the 60 or 66 MHz bus (no 100 MHz bus) and 72-pin SIMM memory limitations of the workstation-style 440FX board used limit the potential gains in performance to be had from such upgrades. Upgrading the motherboard to a compatible server-style 440FX board with DIMM slots may allow for the use of the 440FX chipset's theoretical limit of 1 GB of RAM, although if the motherboard is to be replaced, it may arguably be more cost-efficient to upgrade to a SE440BX-2 motherboard with a slocket and Tualatin Celeron CPU. It is also worthwhile to note that PIX OS later than 5.3.4 explicitly does not support the 440FX chipset.
^  The PIX 525 is known to come with a variety of processors including 1.65V 600MHz (SL3VH) and 1.75V 600MHz (SL5BT). It would appear that all 1.65V to 1.75V 100MHz FSB CPUs would work, this has been substantiated to 1000MHz with a SL5QV 1.75V CPU. Coraid, Inc. ... Network-attached storage (NAS) is a file-level data storage connected to a computer network providing data access to heterogeneous network clients. ... A network switch is a computer networking device that connects network segments. ... The ATX (for Advanced Technology Extended) form factor was created by Intel in 1995. ... Slot 1 refers to the physical and electrical specification for the connector used by some of Intels microprocessors, including the Celeron, Pentium II and the Pentium III. Slot 1 was a departure from the square ZIF PGA/SPGA sockets used for the Pentium and earlier processors. ... The Celeron brand refers to a range of Intels x86 CPUs for budget/value personal computers. ... Intel Pentium II Logo The Pentium II is an x86 architecture microprocessor by Intel, introduced on May 7, 1997. ... Pentium III logo The Pentium III is an x86 (more precisely, an i686) architecture microprocessor by Intel, introduced on February 26, 1999. ... A typical north/southbridge layout In personal computers, the Front Side Bus (FSB) is the data transfer bus that carries information between the CPU and the northbridge of the Motherboard. ... Slotket adapter In computer hardware terminology, slotkets, also known as slockets, (both short for slot to socket adapter) are adapters that allow socket based microprocessors to be used on slot based motherboards. ... Socket 8 CPU socket was used exclusively with the Intel Pentium Pro and Pentium II OverDrive computer processors. ... The Pentium Pro is a sixth-generation x86 architecture microprocessor (P6 core) produced by Intel and was originally intended to replace the original Pentium in a full range of applications, but later, was reduced to a more narrow role as a server and high-end desktop chip. ... The Celeron brand refers to a range of Intels x86 CPUs for budget/value personal computers. ... Package Diagram for 168-Pin PGA Embedded IntelDX2™ Processor The pin grid array or PGA is a type of packaging used for integrated circuits, particularly microprocessors. ... Flip Chip Pin Grid Array - (FC-PGA) The package of certain Intel Celeron, Pentium III, and Pentium 4 processors. ... 30- (top) and 72-pin (bottom) SIMMs. ... Two types of DIMMs: a 168-pin SDRAM module (top) and a 184-pin DDR SDRAM module (bottom). ...

Citations

Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st century. ... is the 169th day of the year (170th in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st century. ... is the 169th day of the year (170th in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st century. ... is the 233rd day of the year (234th in leap years) in the Gregorian calendar. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 28th day of the year in the Gregorian calendar. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 51st day of the year in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st century. ... is the 170th day of the year (171st in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st century. ... is the 170th day of the year (171st in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st century. ... is the 170th day of the year (171st in leap years) in the Gregorian calendar. ...

See also

• Cisco LocalDirector
• Cisco SSG6510

Cisco LocalDirector is a server load balancing appliance based on the Network Address Translation (NAT) technology Cisco Systems acquired when they bought Network Translation, Inc. ... The Cisco SSG-6510 was a device that allows dynamic direction of IP traffic to various services. ...

External links

• Cisco's website for the PIX series
• Cisco's website for the ASA 5500 Series
• Cisco's website for the PIX
• Notes on upgrading a PIX506E to 7.x
• A basic configuration guide for the PIX
• PIX Simulator/Emulator - with over 90 challenges - Purchase required

The following links may require a free registration at Cisco's website to view.

• Version 7.0 of Cisco's hardware install instructions for various PIX models
• Cisco's website for the WS-SVC-FWM-1-K9
• Cisco site detailing what PIX features are/aren't supported by the WS-SVC-FWM-1-K9
• Cisco site detailing which hardware is supported by which PIXOS release