RE: [fw-wiz] Disecting the Cisco PIX

From: Noonan, Wesley (Wesley_Noonan@bmc.com)
Date: 07/30/02


From: "Noonan, Wesley" <Wesley_Noonan@bmc.com>
To: "'Art Mason'" <a.c.mason@sbcglobal.net>, firewall-wizards@honor.icsalabs.com
Date: Tue Jul 30 15:34:36 2002

inline

Wes Noonan, MCSE/CCNA/CCDA/NNCSS
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan@bmc.com
http://www.bmc.com

> -----Original Message-----
> From: Art Mason [mailto:a.c.mason@sbcglobal.net]
> Sent: Tuesday, July 30, 2002 11:40
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] Disecting the Cisco PIX
>
> Out of curiosity, has anyone here ever cracked open any of the Cisco PIX
> series firewalls chassis? From what I've gathered by reading up on
> their product information and by what people have said about them in
> various mailing lists and newsgroups, they are actually built on an x86
> hardware platform w/ a Celeron 300MHz (PIX 506E) to Pentium III 1.0GHz
> (PIX 535) CPU and anywhere from 32MB to 1GB RAM.

Yeah. Dunno the specs off the top of my head, but they are essentially PCs.

> I understand the
> storage media to be compact flash (4-16MB capacity) and on the low-end
> models w/ 10Mb throughput, they actually use an ISA NIC in the chassis.

Dunno about the ISA NIC thing, but I know people that have managed to get
them to work using a regular old desktop NIC... though it is not supported
by Cisco for obvious reasons.

> I've also read that the PIX doesn't support local logging (everything
> needs to be redirected to a syslog server). Can anyone confirm any of
> this?

Local logging in what capacity? To the file system? No, not realistically.
To the console, yeah. To a history buffer, yeah.

> If so, why couldn't one just throw OpenBSD onto some flash media,
> drop a couple of Intel Pro100+ dual-port NICs in a 2U rackmount case,
> maybe offload some of the VPN stuff onto an ASIC-based encryption
> acceleration card, and save some big bucks, granted they know how to set
> up PF from the CLI?

What big bucks? The bucks for the hardware? The bucks for the person who can
write the code? The bucks for the person who maintains the code? Not sure I
follow. I suppose that small shops all over the place that have specialized
Unix expertise actually do this all the time, but I think that it is more a
niche scenario than anything else.

> This is just something I've been wondering about
> for a while, and was curious as to what others in the know had to say
> about it. Thanks in advance.
>

Interesting idea, in certain circumstances.


