Cisco PIX 535

The Cisco PIX 535 Firewall is the ultimate enterprise firewall designed for enterprise
networks and service providers. The PIX 535 is rack-mountable and fits a 3U configuration.
It has a 1-GHz processor, up to 1 GB of RAM, and 16 MB of Flash memory. It has nine PCI
slots for the installation of up to ten Ethernet interfaces. It has a 9600-baud console port that
is used for local device management.
The PIX 535 can be configured for failover using a failover cable connected to the 115-kbps
serial connection or configured for LAN-based failover. The PIX 535 is also available with
redundant hot-swappable power supplies.
The PIX 535 can also be configured with a VAC or VAC+. The VAC and VAC+ handle much
of the VPN traffic processing (encryption and decryption), thus improving the firewall’s
performance. The VAC and VAC+ are recommended for firewalls that connect multiple
high-traffic VPNs.
NOTE The installation of additional physical interfaces and failover requires that the
software license be upgraded from the Restricted Bundle.

Table 3-5 Cisco PIX 525 Licenses
License | Function
Restricted Software License | Support for 128 MB of RAM and up to six total 10/100 interfaces or three Gigabit interfaces (plus the two 10/100 onboard interfaces).
Unrestricted Software License | Support for 256 MB of RAM, a total of eight 10/100 interfaces or three Gigabit interfaces (plus the two onboard 10/100 interfaces), stateful failover, integrated VAC or VAC+, and 50 security contexts.
Failover Software License | Support for a “hot standby” system designed to operate in conjunction with an active system running the unrestricted license.

Connection capabilities for the PIX 535 are as follows:
■ Maximum clear-text throughput—1.7 GBps
■ Maximum throughput (3DES)—100 Mbps with VAC
■ Maximum throughput (3DES)—440 Mbps with VAC+
■ Maximum throughput (128 AES)—535 Mbps with VAC+
■ Maximum throughput (256 AES)—440 Mbps with VAC+
■ Maximum concurrent connections—500,000
■ Maximum concurrent VPN peers—2000
As shown in Figure 3-12, the PIX 535 has two LEDs on the front. These LEDs indicate that
the firewall has power and that the system is active (the OS is loaded and passing traffic). The
active light indicates which device of a failover pair is active and which is standby.