Cisco Unveils New PIX Firewalls, Enhanced OS


Cisco Systems Wednesday unveiled new additions to its PIX firewall line, an updated PIX Operating System, and a new SAFE blueprint for IP telephony.

The announcements boost Cisco's security posture, specifically in the area of converged networks, said Tom Russell, director of product marketing at Cisco, based here.

Cisco released new versions of its PIX 506 and 515 firewalls with its new "E" series. Designed for small offices, the 506E is a plug-and-play appliance that features a quieter fan and up to 70 percent more Triple DES (Data Encryption Standard) VPN performance than the existing 506, Russell said.

The 515E is designed for small to midsize environments and provides up to two-and-a-half times more firewall throughput than current 515 devices, he said. It also features integrated, hardware-based VPN acceleration.

Through manufacturing efficiencies, Cisco has been able to reduce the costs of the new PIX models, Russell said. At $1,695, the price of the 506E is 15 percent lower than that of the existing 506, he said. Three versions of the 515E are available starting at $3,495. Both the 506E and 515E will be available immediately.

The new PIX products bring superior performance, particularly in the VPN segment, to the lower end of the market, said Scott Strochak, president and CEO of Xtelesis, a network integration firm based in Burlingame, Calif.

"These products will allow our customers to confidently extend VPN capabilities to their networks without worrying about performance degradation that can be seem in some IPSec VPN products," he said.

"The new PIXes will help our customers protect their long-term investment, as they will be able to increase bandwidth without the need to necessarily buy bigger, faster firewalls," Strochak added.

Cisco also rolled out version 6.2 of its PIX Operating System (OS). A key enhancement in the OS allows PIX firewalls to perform as hardware-based VPN clients, which greatly simplifies VPN management, Russell said.

Other new OS features include Point-to-Point over Ethernet (PPPoE) Protocol, improved ISP compatibility in SOHO networks, LAN-based fail-over functionality, and enhanced management and multimedia capabilities.

Slated for availability in March, PIX OS v6.2 supports all of the PIX platforms.

Jeff Wankel, senior consulting engineer at N2N Solutions, Schaumburg, Ill., applauded the new price points and enhancements to the PIX line, and said the new capabilities in the PIX OS are huge.

The ability to use PIX as a hardware-based VPN client is a major plus that will allow the use of PIX at certain remote sites where it couldn't be used previously, Wankel said.

The additional horsepower of the 515E will support more VPN capabilities, he said.

"We have some clients that could use these features right away," Wankel said.

Also on Wednesday, Cisco enhanced its SAFE Blueprint for security with the release of its SAFE Blueprint for IP telephony, which provides security recommendations for IP telephony and deployment guidelines.

Since it was launched more than a year ago, the SAFE Blueprint has proven popular, said Sean Convery, Cisco technical marketing manager.

"It really speaks to a larger issue in terms of security," he said. "Partners and customers are anxious for this kind of information that explains how to deploy security in a systematic way as opposed to focusing on individual point products."

IP telephony is the next area that customers are looking to secure, so having a method sanctioned by Cisco is helpful, Wankel said.