Full Text

Cisco Systems Cisco Secure PIX Firewall 520

The Cisco Secure PIX Firewall 520 is a hardware firewall, which has great appeal in the area of performance but is less attractive when it comes to management. The command-line interface (CLI) is less than friendly-even if you're familiar with Cisco's IOS (Internetwork Operating System). However, the company is making strides in supporting a more userfriendly GUI with its Cisco Secure Policy Manager. CSPM is aimed at installations with more than a few PIX firewalls on the network. But be prepared to spend some time learning CSPM and buying into its paradigm, which is a departure from conventional firewall management strategies. We found its VPN performance rather slow compared with both the VPN-1 Gateway and the NetScreen100, but the firewall throughput hovered around 150 Mbps-a very respectable figure.

CSPM is an improvement, but there's no question that it requires you to think of your network security in new ways. Following its paradigm, similar to that of CiscoWorks2000, we first had to model our network in the GUI and then push the security configuration out to the remote devices. After looking at the PIX command line, we...