Results 1 to 9 of 9

Thread: Cisco Pix 501

  1. #1
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718

    Cisco Pix 501

    Hello all,
    We recently decided to purchase a firewall for our network (in light of a new network line we'll be running).I did some research and found the Cisco Pix 501 to be adequate for our network. I read a bunch of reviews and noticed decent remarks in regards to the 501 (mainly that it has an excellent GUI for configuring the system).
    My question is this, has anyone here had experience with the 500 Cisco series? I'm just curious if anyone has had any bad experiences, or any input for that matter. Thanks.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  2. #2
    Senior Member alakhiyar's Avatar
    Join Date
    Dec 2006
    Location
    Land of Oryx
    Posts
    255
    Cisco make good stuff, but are also one of the most expensive choices. I can't comment on the GUI interface; I'm mostly an IOS CLI person.
    (\__/)
    (='.'=)
    (")_(")

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I have quite a few of them deployed out in my organization. They are very solid and have never had hardware failure issues. I use CLI because I'm old school and because the GUI does leave out some of the feature sets. Cisco does have a doc on their site that details this. If you don't need the additional command sets, then the GUI is just fine.

    I find that they come light on the flash RAM and system RAM. I always upgrade these before deployment because I tend to see them bog down heavily when I run Nessus scans across them. The connection table fills up almost instantly and the device crawls almost to a halt. The serial console connection barely responds. To be fair, these little guys aren't really meant for heavy loads. Pretty much a SOHO is the cap for them.

    However, once you jack up the RAM and get the 6.3 IOS on there, life is good. They hold up pretty well, even during my weekly abusive scans. lol.

    --TH13
    Last edited by thehorse13; January 14th, 2007 at 03:51 PM.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    thehorse13,
    Thanks for the reply. How did you go about updating the RAM and the IOS? Are these features that are included in any bundles? Also, what's the starting RAM for this thing so I can check the specs of the unit I ordered to make sure it needs a RAM upgrade. thanks again for the help.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    All of my upgrades and/or base model purchases are handled by meh kiddie interns. I will inquire first thing tomorrow. I want to say that they come with 128 Meg of system RAM and 8 Meg of flash RAM but let me check for sure.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    The 501 is good for the very small SOHO setup, but a lot of what you get with any PIX security appliance depends on the licence you get with it. The 501 for example can come with a 10-user, 50-user or an unlimited user licence; unlike the other 500 series security appliances which have connection licences.

    It has a 133Mhz CPU. 8MB Flash and 16MB SDRAM and can support up to 7500 concurrent connections.

    If you get it with release 6.3 or later of the security appliance software it will come with a 10/100BASE-T Outside interface but if you get one prior to this you will just have 10BASE-T - unless you are getting it second hand you will almost definitely have a later PIX O/S that 6.3. For the Inside interfaces it has a 4 port 10/100 switch.

    It only has a 60 Mbps clear text throughput though...and is limited to 10 concurrent VPN peers (IKE/IPSEC SA's)

    Whilst the 501 is good, for what you would pay for an unlimited user license you would be able to pick up a 506E, which is the next one up from the 501.

    This is still geared to the SOHO/ROBO setup but is a lot more robust and has a connection license rather than a user license and has a 100 Mbps throughput, VLAN support, 25 VPN peers with a lot better VPN throughput than the 501.

    It can have 25,000 concurrent connections and has a 300Mhz CPU, 32MB SDRAM and 8 MB Flash.



    Once you have a IKE/IPSEC SA or two established (VPN) and have a fairly average amount of traffic for a SOHO setup going over a 501 you do start to notice the 60 Mbps limitation ...and then you start to get pissed off with it......I would really stress the fact of getting a 506E instead unless you are a very small SOHO setup that does not need any VPN connectivity or you are not going to use it as your sole firewall.

    http://www.tazforum.**********.com/viewtopic.php?t=3469

    Hope it helps you! 
    Last edited by Nokia; January 15th, 2007 at 10:39 PM.

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    You might want to have a look at the Cisco ASA 5505, ASA being the PIX newer replacement line, and the 5505 being the equivalent of the 501...


    Ammo
    Credit travels up, blame travels down -- The Boss

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    You've gotten a wealth of infos from others. However, to answer your question, we order them as I stated, which is simply done with a memory upgrade from the base 16 meg of RAM to 128 (because of the IOS features used). Flash RAM is not touched but you will need 16 meg of flash RAM to support version 6.3 IOS.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #9
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Well I appreciate all the responses. I checked the unit we ordered and it comes with exactly what everyone is indicating: 8MB Flash / 16MB RAM.
    More important is that I didn't hear any negative feedback about the unit itself which is crucial to me.
    I'll look into upgrading the unit once it comes in and I get it setup. However, I'd like to initially run it without the upgrades to see if there's a need to upgrade. Being that I work for the state, I unfortunately can't put in for a purchase without good reason. Again, thanks for the input guys.
    Last edited by ShagDevil; January 17th, 2007 at 05:38 PM.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •