(R)estricted = no failover, max 3 interfaces, 50K concurrent connections.
(UR)estricted = failover, max 6 interfaces, over 100K concurrent
connections.
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pix51_ds.htm
It can more than handle 100 users either way. Unless you want failover and
more than 3 interfaces, go with the R. Both have ~170Mb max thruput. The
506 has only 2 interfaces and could most likely handle the 100 users at
~6-7Mb thruput and I know it's for over 100 simultaneous connections (can't
remember exactly how many).
Hope that helps.
Allen
----- Original Message -----
From: "Ole Drews Jensen"
To: "'Allen May'" ;
Sent: Tuesday, September 25, 2001 11:44 AM
Subject: RE: Personal Security Recommandation - Cisco PIX or ? [7:21012]
> Thanks (as always) Allen,
>
> I do have a couple of additional questions if you have a minute:
>
> PIX firewalls available now is as far as I can see the 515R, 515UR and 520.
>
> We need to protect two LAN's, so I will either have to go with two 515R's or
> one 515UR.
>
> When I look at the prices, it would be less expensive to get two 515R's, and
> that would make administration easier, because we are two people,
> responsible for one LAN each. However, the 515R only has 32MB, and with
> about 100 people on each LAN, I don't know if that would be enough.
>
> Also, I am not sure what "restricted software" on the 515R means, and the
> CPQRG doesn't give me that information off hand.
>
> Any good advice here?
>
> Thanks again,
>
> Ole
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Ole Drews Jensen
> Systems Network Manager
> CCNA, MCSE, MCP+I
> RWR Enterprises, Inc.
> [EMAIL PROTECTED]
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> http://www.RouterChief.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> NEED A JOB ???
> http://www.oledrews.com/job
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> -----Original Message-----
> From: Allen May [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 25, 2001 11:31 AM
> To: Ole Drews Jensen; [EMAIL PROTECTED]
> Subject: Re: Personal Security Recommandation - Cisco PIX or ? [7:21012]
>
>
> Comments inline:
>
> ----- Original Message -----
> From: "Ole Drews Jensen"
> To:
> Sent: Tuesday, September 25, 2001 11:07 AM
> Subject: Personal Security Recommandation - Cisco PIX or ? [7:21012]
>
>
> > In regards to network design in the security area, I would like to start a
> > discussion / get feedback from those of you who have dealt / are dealing
> > with this.
> >
> > I know that I can most likely pull up some websites that have answers to
> > this, but I would like feedback from "real people" that are working with
> > this.
> >
> > I am only now in the process of finishing my last exam for the CCNP, and I
> > am then planning on going towards the security specialization. Therefore, my
> > knowledge of firewalls, vpn's, etc. is not that great.
>
> Learn IPSec first thing when you concentrate on Security.
>
> >
> > We have at the company I work for used Check Point, but that's a very
> > expensive product, and needs to be relicensed over and over. We are
> > currently using Gauntlet, but that will be discontinued on the Windows NT
> > platform.
> >
> > Because of this, I am now trying to get some feeling for a good solution,
> > and (of course) Cisco's PIX came to my mind. However, I have a couple of
> > questions I would like to get some feedback on, and perhaps start a short
> > discussion.
> >
> > How is the PIX compared to other products when looking at:
> >
> > 1) Difficulty of administration?
>
> If you're used to a command line interface and Cisco IOS, it's different,
> but concepts are basically the same. As of 6.0 there is a GUI interface.
> Tons of example configs are out there and in the manual.
>
> > 2) Price?
> Estimated:
> 501 - ~$850 (2 interfaces only)
> 506 - ~$1400 (2 interfaces only)
> 515 - up ~around 5 digits...it depends on what you put in it. CDW.com will
> give you some basic guidelines for estimated prices.
>
> > 3) Effectiveness of intruder protection?
> Well...it's a firewall. It's as effective as you make it. IP reverse
> verify helps stop spoofing, static embryonics help prevent DOS attacks, etc.
> It only allows access to ports you specify so it's only as secure as the
> servers behind it on those ports (as is any firewall). It can tie in with
> other software for IDS and outbound URL restrictions as well. ActiveX
> filters can block all ActiveX if you like. SYSLOG output allows any 3rd
> party software that monitors SYSLOG to work.
>
> > 4) Speed (slowing down the communication)?
>
> 501 and 506 are 10Mb but clock around 6-7Mb on tests. Other models are
> 100Mb and clock much higher. If you use IPSec encryption it will obviously
> slow this down.
>
> >
> > and
> >
> > 5) What would you recommend?
>
> PIX is my personal favorite IMHO.
>
> >
> > Thank you very much for your time on this,
> >
> > Ole
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Ole Drews Jensen
> > Systems Network Manager
> > CCNA, MCSE, MCP+I
> > RWR Enterprises, Inc.
> > [EMAIL PROTECTED]
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > http://www.RouterChief.com
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > NEED A JOB ???
> > http://www.oledrews.com/job
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21032&t=21012