Feature |
Benefit |
Enterprise-Class Security |
|
Reliable, purpose-built security appliance |
• Uses a proprietary, hardened operating system that eliminates the security risks associated with general-purpose operating systems
• Combines Cisco product quality with no moving parts to provide a highly reliable security platform
|
Stateful inspection firewall |
• Provides perimeter network security to prevent unauthorized network access
• Uses state-of-the-art Cisco Adaptive Security Algorithm for robust stateful inspection firewall services
• Provides flexible access-control capabilities for more than 100 predefined applications, services, and protocols, with the ability to define custom applications and services
• Simplifies management of security policies by giving administrators the ability to create re-usable network and service object groups that can be referenced by multiple security policies, simplifying initial policy definition and on-going policy maintenance
|
Advanced application and protocol inspection |
• Integrates over two dozen specialized inspection engines for protocols such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Domain Name System (DNS), Simple Network Management Protocol (SNMP), SQL*Net, Network File System (NFS), H.323 Versions 1-4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), Internet Locator Service (ILS), and many more
|
Cisco Easy VPN Remote (hardware VPN client) |
• Enables dramatically simplified VPN rollouts to remote office and branch office environments by eliminating the provisioning complexities of traditional site-to-site VPN deployments
• Downloads VPN policy dynamically from a Cisco Easy VPN Server upon connection, ensuring the latest corporate security policies are enforced
• Provides robust client-side VPN resiliency with support for up to 10 Cisco Easy VPN Servers with automatic failover, in addition to Dead Peer Detection (DPD) support
• Supports optional authentication of individual users behind a Cisco PIX Security Appliance through an easy-to-use, Web-based interface with support for standard and one-time passwords (including authentication tokens)
• Extends VPN reach into environments using NAT or Port Address Transmitter (PAT), via support of Internet Engineering Task Force (IETF) UDP-based draft standard for NAT traversal
• Supports both split and non-split tunneling environments
• Provides intelligent, transparent DNS proxy capabilities for access to both corporate and public DNS servers
|
Cisco Easy VPN Server |
• Provides remote access VPN concentrator services for up to 25 remote software- or hardware-based VPN clients
• Pushes VPN policy dynamically to Cisco Easy VPN Remote-enabled solutions (such as the Cisco VPN Client) upon connection, helping to ensure that the latest corporate security policies are enforced
• Extends VPN reach into environments using NAT or PAT, via support of IETF UDP-based draft standard for NAT traversal
|
Cisco VPN Client |
• Includes a free unlimited license for the highly acclaimed, industry-leading Cisco VPN Client
• Available on wide-range of platforms, including Microsoft Windows 98, ME, NT, 2000, and XP; Sun Solaris; Intel-based Linux distributions; and Apple Macintosh OS X
• Provides many innovative features including dynamic security policy downloading from Cisco Easy VPN Server-enabled products, automatic failover to backup Easy VPN Servers, administrator customizable distributions, and more
• Integrates with the award-winning Cisco Security Agent (CSA) for comprehensive endpoint security
|
Site-to-site VPN |
• Supports IKE and IPSec VPN standards
• Extends networks securely over the Internet by helping to ensure data privacy, data integrity, and strong authentication with remote networks and remote users
• Supports 56-bit DES, 168-bit 3DES, and up to 256-bit AES data encryption to ensure data privacy
|
Intrusion prevention |
• Provides protection from more than 55 different types of popular network-based attacks ranging from malformed packet attacks to DoS attacks
• Integrates with Cisco Network Intrusion Detection System (IDS) sensors to identify and dynamically block/shun hostile network nodes
|
Authentication, authorization, and accounting (AAA) support |
• Integrates with popular AAA services via TACACS+ and RADIUS
• Provides tight integration with Cisco Secure Access Control Server (ACS) for user and administrator authentication, dynamic per-user/per-group policies, and administrator access privileges
|
X.509 certificate and CRL support |
• Supports Simple Certificate Enrollment Protocol (SCEP)-based enrollment with leading X.509 solutions from Baltimore, Entrust, Microsoft, and VeriSign
|
Integration with leading third-party solutions |
• Supports Cisco AVVID (Architecture for Voice, Video and Integrated Data) partner solutions that provide URL filtering, content filtering, virus protection, scalable remote management, and more
|
Industry certifications and evaluations |
• Earned numerous leading industry certifications and evaluations, including:
• Common Criteria Evaluated Assurance Level 4 (EAL4)
• FIPS 140-2, Level 2 Validation
|
Robust Remote Office and Branch Office Networking |
|
VLAN-based virtual interfaces |
• Provides increased flexibility when defining security policies and eases overall integration into switched network environments by supporting the creation of logical interfaces based on IEEE 802.1q VLAN tags, and the creation of security policies based on these virtual interfaces
• Supports multiple virtual interfaces on a single physical interface through VLAN trunking, with support for multiple VLAN trunks per Cisco PIX Security Appliance
• Supports up to 2 VLANs on a Cisco PIX 506E Security Appliance, providing a low-cost DMZ-enabled security solution that enables businesses to securely host Web servers, e-mail servers, and other services with the Internet or extranet environments
|
OSPF dynamic routing |
• Provides comprehensive OSPF dynamic routing services using technology based on world-renowned Cisco IOS Software
• Offers improved network reliability through fast route convergence and secure, efficient route distribution
• Delivers a secure routing solution in environments using NAT through tight integration with Cisco PIX Security Appliance NAT services
• Supports MD5-based OSPF authentication in addition to plain-text OSPF authentication, to prevent route spoofing and various routing-based DoS attacks
• Provides route redistribution between OSPF processes, including OSPF, static, and connected routes
• Supports load balancing across equal-cost multipath routes
|
Dynamic Host Configuration Protocol (DHCP) client and server |
• Obtains IP address for outside interface of appliance automatically from service provider
• Provides DHCP server services on one or more interfaces, allowing devices to obtain IP addresses dynamically
• Includes extensions for support of Cisco IP phones and Cisco SoftPhone IP telephony solutions
|
DHCP relay |
• Forwards DHCP requests from internal devices to an administrator-specified DHCP server, enabling centralized distribution, tracking and maintenance of IP addresses
|
NAT/PAT support |
• Provides dynamic, static, and policy-based NAT, and PAT services
• Allows multiple users to share a single broadband connection using a single public IP address
|
PAT for IPSec |
• Supports IPSec passthrough services, enabling a single device behind the Cisco PIX Security Appliance to establish a VPN tunnel through the firewall to a VPN peer
|
PPPoE |
• Ensures compatibility with networks that require PPP over Ethernet (PPPoE) support
|
Rich Management Capabilities |
|
CiscoWorks VMS |
• Provides a comprehensive management suite for large scale Cisco security product deployments
• Integrates policy management, software maintenance, and security monitoring in a single management console
|
// |