[fw-wiz] Dissecting the Cisco PIX

From: Art Mason (a.c.mason@sbcglobal.net)
Date: 07/30/02


From: Art Mason <a.c.mason@sbcglobal.net>
To: firewall-wizards@honor.icsalabs.com
Date: Tue Jul 30 14:05:36 2002

Out of curiosity, has anyone here ever cracked open any of the Cisco PIX
series firewall chassis? From what I've gathered by reading up on
their product information and by what people have said about them in
various mailing lists and newsgroups, they are actually built on an x86
hardware platform w/ a Celeron 300MHz (PIX 506E) to Pentium III 1.0GHz
(PIX 535) CPU and anywhere from 32MB to 1GB RAM. I understand the
storage media to be compact flash (4-16MB capacity) and on the low-end
models w/ 10Mb throughput, they actually use an ISA NIC in the chassis.
I've also read that the PIX doesn't support local logging (everything
needs to be redirected to a syslog server). Can anyone confirm any of
this? If so, why couldn't one just throw OpenBSD onto some flash media,
drop a couple of Intel Pro100+ dual-port NICs in a 2U rackmount case,
maybe offload some of the VPN stuff onto an ASIC-based encryption
acceleration card, and save some big bucks, granted they know how to set
up PF from the CLI? This is just something I've been wondering about
for a while, and was curious as to what others in the know had to say
about it. Thanks in advance.

Art Mason