PIX 525 (v7) with Gb interfaces

Is there any point?

Any idea what kind of throughput the PIX itself will support if I put a couple of Gb interfaces in it?

Reply to
Arthur Brain
Loading thread data ...

Generally speaking, firewalls are governed by sessions and everything depends on what kind of services you are running on it. This is taken from Cisco's 525 site:

"The Cisco PIX 525 modular two-rack-unit design supports up to eight

10/100 Fast Ethernet interfaces or three Gigabit Ethernet interfaces, making it an ideal appliance for businesses that need a resilient, high-performance, Gigabit Ethernet-ready solution that provides solid investment protection. It also delivers more than 330 Mbps of firewall throughput with the capability to handle more than 280,000 simultaneous sessions."

formatting link
So to answer your question, it most likely depends on sessions more than anything, and the above statement says something about 330 mbps of firewall throughput which I'm sure is generic or simple configurations. Since its limited to 3 interfaces, I would not suspect that it can handle a ton of bandwidth, but it most likely depends on a bunch of other factors. The organization I work for recently went to checkpoint on crossbeam hardware due to their significantly better performance in terms of sessions. While the hardware was rated the same between the old platform and the new, the crossbeams gave us significantly better performance in terms of same sessions with much less processor (

Reply to

It is bus limited -- all of the Gb interfaces on a PIX 525 are on a single PCI 32 card, if I recall correctly.

330 Mb/s is the standard PCI 32 bus limitation I believe.

An important difference between the PIX 535 and 525 is that the PIX 535 uses two busses, one PCI 32 and the other PCI 64; the second generation PIX GB interface card is designed to support the PCI 64 but the first generation interface card (such as was sold with the PIX 525 originally) is not. (Which really only makes a difference if you take a card out of a 525 and put it into a 535.)

(Some of the documentation hints that later generation PIX 535 went for two PCI 64 busses, but that was not stated explicitly in any document I recall seeing.)

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.