Re: pix 501 vs pix 506e?
- From: roberson@xxxxxxxxxxxx (Walter Roberson)
- Date: Fri, 30 Mar 2007 03:47:35 GMT
In article <j5WOh.524$vJ5.96@xxxxxxxxxxxx>, Mike <mikee@xxxxxxxxxxxx> wrote:
> I work for a small company of 15 people, three of whom are
> remote using vpn to access internal boxes. I currently have
> a 506 that is old and not updated. I am considering buying
> a new pix mostly for the os image upgrade and the vpn clients.
> I will soon have a full T-1 installed. Both the 501 and 506E
> are rated for throughput more than can possibly come in through
> the T-1. Should I get a 501 or a 506E, or should I get a smartnet
> (which one) and not worry about upgrading the hardware?
> My current pix is at 6.3(3).

You are entitled to free updates to the latest 6.3(5)114 or so
(I'd have to look up the current build number; it's at least 112).
There are known security problems in 6.3(3), 6.3(4), 6.3(5),
and 6.3(5)112, and cisco makes free updates (within the same minor
release) available when security problems are found. Search cisco's
site for pix security 6.3(5) and you should find the link you
need fairly easily. Find the right URL, recite it to your PIX vendor
and they'll make the latest 6.3(5) available to you.

There is no PIX 7.x release available for the PIX 501, 506,
or 506E, and there never will be, so there is no good in buying
one of them expecting to get PIX 7. The PIX 501 and 506 and 506E
are essentially at the end of their software development lifecycle,
and buying a new one just to get the new software release would not
be a good investment, especially since the release is free.

If you are wanting PIX 7, you would need to buy at least a
515 (used, from an authorized reseller), or a 515E (available new),
or a 525 or 535: active software development is still ongoing for
them, but it isn't clear for how much longer.

The current cisco firewall family that *is* being actively developed
and will continue to be developed, is the cisco ASA 5500 series.
They run the same PIX 7.2 OS but with some different features enabled.
The 7.0 and 7.1 series for the ASA were unable to handle some PPTP
and PPPoE features; several of those missing features became
available with 7.2(1); if the ASA has not completely caught up
then it is only a relatively narrow range of features that might
still be lacking.

You'd probably be looking at somewhere around an ASA 5510;
add the Advanced services license if you want VLANs. The cost
would probably be fairly similar to that of a PIX 506E.

But if you do decide to head to the ASA, before deciding on a model,
read the models comparison chart -carefully-. The 5505 is
essentially the new PIX 501 equivalent, with very very few of the
new features that differentiate the ASA from the PIX.
The 5510 Basic is better, but still quite restricted. Useful
VLANs you don't get until the 5501 Advanced I seem to recall.
The 5520 is really the first full-featured ASA model, if you
buy the additional modules (and associated licenses).

In summary: if you -were- to buy an ASA because you wanted the new PIX
7 features, then the 5505 would probably be very much the wrong model
for you. The 5505 is for the people who could make do with a PIX 501
really but don't want to buy into a defunct hardware line.