Full Text

Over the past year the firewall industry has continued its game of leapfrog. Vendor X announces Function A that slightly outperforms that of Vendor Y's product, only to be slighted by Vendor Z's release six months later. While I imagine this will continue for some time, Cisco Systems has recently made some innovative moves that might change the game a bit.

For the past few months NETWORK COMPUTING has been investigating some of the newer features and models of the Cisco PIX family of firewalls. We've taken a peek at PIX OS 6.0 and its new PIX Device Manager (PDM), test-driven the high-availability features of the PIX, gone deeper into our investigation of CSPM (Cisco Secure Policy Manager), and deployed the PIX 506 at a remote site. Although Cisco still faces a number of challenges, the competition better take notice: Cisco is making the right moves in the right direction with its PIX line of firewalls.

PIXEN IN THE LAB

My first task was to get the PIX 506, a small firewall unit aimed at the SOHO (small office/home office) market, up and running at one of our remote sites. Despite its smaller form factor (it's a stand-alone unit), fewer ports (only three) and lower CPU power, the 506 operates the same as other PIX units. Instead of simply deploying the PIX 506 and administering it over telnet or SSH (Secure Shell), I decided to test the new management features of the upcoming PIX 6.0 OS. This release has some interesting additions, the most significant being the Cisco PIX Device Manager (PDM). PDM is a new Java-based GUI management console that allows for remote administration of the units over basic HTTP with SSL (Secure Sockets Layer). PDM doesn't replace CSPM, one of Cisco's enterprise framework products but serves as a compact, single-device-management tool. PDM runs on any JVM...