Considering Cisco Pix 501 for home firewall---need info

Posted by Ken on December 17, 2005, 3:29 pm
I am considering replacing my present Netgear RT314 router + Zone Alarm
Pro with a hardware firewall. My IT chief at work tells me my home
network would be much more secure that way.

I am interested to know how difficult the 501 is to set up and
understand, whether there are licenses that need to be purchased, do they
need to be purchased each year, and is there any special software that
needs to be purchased? I like the fact that I could set up a VPN with
my system without having a port open all the time so that I could access
my computer on trips.

Obviously, I am a newbie at this so please be gentle...!

Thanks
Ken K

Posted by Jerry Gardner on December 17, 2005, 8:00 pm
Ken wrote:
> I am considering replacing my present Netgear RT314 router + Zone Alarm
> Pro with a hardware firewall. My IT chief at work tells me my home
> network would be much more secure that way.
>
> I am interested to know how difficult the 501 is to set up and
> understand, whether there are licenses that need to be purchased, do they
> need to be purchased each year, and is there any special software that
> needs to be purchased? I like the fact that I could set up a VPN with
> my system without having a port open all the time so that I could access
> my computer on trips.

Ken,

Also consider a Netscreen firewall such as the 5GT. About the same price
as a PIX 501, but easier to set up and configure. The 5GT is roughly
equivalent to the PIX 506E.

Most of the higher-end firewalls have two licensed versions: 10 users
and unlimited users. This is the case with the PIX and the Netscreen
(although the PIX also offers a 50 user license).

Posted by Walter Roberson on December 17, 2005, 10:44 pm
>I am interested to know how difficult the 501 is to set up and
>understand, whether there are licenses that need to be purchased, do they
>need to be purchased each year, and is there any special software that
>needs to be purchased?

Addressing the questions a bit out of order:
- There is no special software required for PIX.

- If you want to use the graphical interface to configure the PIX,
then that is Java-based, so you would need Java 5 (I think it is);
the graphical interface is no extra cost, though.

- Once you have bought a PIX, you have the right to keep using it
indefinitely; there are no yearly license fees required.

- The PIX 501 has a fairly short warranty (90 days or so), during which
time you are entitled to software updates and to create support
cases.

- If you want support after that time, you would need to obtain a support
contract. Most vendors sell those in one year chunks, but there is
also a 3 year contract part number, and the better vendors can
arrange a support contract for any arbitrary period of time (up to
5 years) -- e.g., you could buy 42 days of support starting on
Feb 28th if you wanted to go through the trouble.

- After the end of your warranty, if you are not under support, then
you are not certain to receive any software upgrade for free.

- The Cisco -policy- (i.e., something subject to change) has been that
if a security problem is found in a release, then customers are given
free updates to the first subrelease of the same minor release
that fixes that security problem. For example, if you had
6.3(1) then you would have been given 6.3(3) because that fixed
security problems in 6.3(1). However, if the same security problem
had been found in 6.2(3) and that was the release you had, you would
probably not be given the 6.3(3) update: Cisco would instead likely
create a new 6.2 minor release (e.g., 6.2(4)) and give you that.
Cisco distinguishes "updates" (same minor version, e.g., 6.3(*))
from "upgrades" (different minor versions, e.g., 6.2(*) vs 6.3(*)),
and it is quite uncommon for Cisco to give a free "upgrade".
So if you buy in at 6.3(something) and do not obtain support,
and 6.4 comes out 100 days after your purchase, then you are likely
to be stuck at 6.3 unless you pay for an "upgrade" or support contract.
[It isn't -unheard of- for Cisco to allow a free "upgrade", but
it is decidedly -uncommon-.]

- There are different support contracts, distinguished mostly by
the hours during which you can open new support cases, by the
response time that Cisco promises, and by whether you have
onsite support or not. The 4-hour response time and 2-hour response
time contracts are only available in areas that are within
limited distances of existing Cisco parts depots.

- As the other poster alluded to, the Cisco PIX 501 is available
with a 10 user license, a 50 user license, or an unlimited license.
None of the other PIX models have per-user licenses. The PIX 506E
is available only with a single license type, permitting unlimited
users. The PIX 515/515E, 525, and 535 are available with several types
of licenses, most notably "Restricted" or "Unrestricted", but also
"Failover", and there are a few new license types added in PIX 7.0
(which is available for those models but not the 501 or 506E).
Restricted licenses have stronger limits on the number of physical
and logical interfaces, and do not support dual-firewall "failover"
configurations; Unrestricted have more generous interface restrictions
and support failover. The price difference between the two is steep.

- The difficulty of the PIX 501 to set up and understand depends a *lot*
on what you want to do with it. There are a lot of different
configuration parameters possible, most of which are completely
irrelevant to someone who just wants to keep other people out.
The graphical interface has a "VPN Wizard" which makes it relatively
easy to configure simple secure remote access.

- But to really understand the PIX software and how all the different
parameters interact with each other takes literally -years- of hard
study. I've put in those years, and there are still lots of things I
don't know, [e.g., the proper arrangement in order to authenticate
users against remote Windows RAS.]
--
"It is important to remember that when it comes to law, computers
never make copies, only human beings make copies. Computers are given
commands, not permission. Only people can be given permission."
-- Brad Templeton
