Cisco Systems, Inc.
All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 3 of 10
install and maintain VPN client software on the individual devices protected by a remote Cisco PIX Security
Appliance. Advanced client-side resiliency features help ensure maximum VPN uptime by providing automatic
failover to backup Easy VPN Servers in the event of a network or service failure.
Integrated Intrusion Protection Guards Against Popular Internet Threats
The integrated in-line intrusion-protection capabilities in Cisco PIX Security Appliances protect today’s networks
from many popularforms ofattacks, includingDenial-of-Service (DoS) attacks and malformed packet attacks. Using
a wealth of advanced intrusion-protection features, including DNSGuard, FloodGuard, FragGuard, MailGuard,
IPVerify and TCP intercept, in addition to looking for morethan 55different attack“signatures,” CiscoPIX Security
Appliances keep a vigilant watch for attacks, can optionally block them, and can notify administrators about them
inreal time. Additionally, Cisco PIXSecurityAppliances support virtual packetreassembly,searchingforattacks that
are hidden over a series of fragmented packets. Strong integration with Cisco Intrusion Detection Systems (IDS)
sensors enables Cisco PIX Security Appliances to automatically shun (block) network nodes identified as being
hostile by Cisco IDS sensors.
Enterprise-Class Resiliency Provides Maximum Business Uptime
Cisco PIX Security Appliance select models provide award-winning stateful failover capabilities that ensure resilient
network protection for enterprise network environments. Employing a cost-effective, active-standby,
high-availability architecture, Cisco PIX Security Appliances that are configured as a failover pair continuously
synchronize their connection state and device configuration data. Synchronization can take place over a high-speed
LAN connection, providing another layer of protection through the ability to geographically separate the failover
pair. In the event of a system or network failure, network sessions are automatically transitioned between firewalls,
with complete transparency to users.
Robust Remote-Management Solutions Lower Total Cost of Ownership
Cisco PIX Security Appliances deliver a wealth of remote-management methods for configuration, monitoring, and
troubleshooting. Management solutions range from centralized, policy-based management tools to integrated,
Web-based management to supportfor remote-monitoring protocols such as Simple NetworkManagement Protocol
(SNMP) and syslog. Cisco PIX Security Appliances additionally provide up to 16 levels of customizable
administrative roles so that enterprises can grant administrators and operations personnel the appropriate level of
access to each firewall (for example, monitoring only, read-onlyaccess to the configuration, VPN configurationonly,
firewall configuration only, and so on). Cisco PIX Security Appliances also include robust Auto Update capabilities,
a set of revolutionary secure remote-management services that ensure firewall configurations and software images
are kept up to date.
Administrators can easily manage large numbers of remote Cisco PIX Security Appliances using CiscoWorks VPN/
Security Management Solution (VMS). This suite consists of numerous modules including Management Center for
Firewalls, Auto Update Server Software, and Security Monitor. This powerful combination provides a highly
scalable, next-generation, three-tier management solution that includes the following features:
• Comprehensive configuration and software image management
• Device hierarchy with “Smart Rules”-based configuration inheritance
