The Best Damn Cisco Internetworking Book Period

The PIX 500 series firewalls provide robust performance and support scalable security architectures of all sizes. The PIX firewall provides stateful packet inspection, content filtering, virtual private network (VPN) termination, address translation, and security for multimedia applications.
The PIX uses an embedded operating system (OS): the OS is self-contained in the device and resident in read-only memory (ROM). The PIX is based on a hardened, specialized OS specific to security services. This OS allows for kernel simplification, which supports explicit certification and validation: the PIX OS has been tested against vendor certifications such as ICSA Labs' firewall product certification criteria, as well as the very difficult-to-obtain International Organization for Standardization (ISO) Common Criteria EAL4 certification. Kernel simplification has advantages in throughput as well; the PIX 535 supports up to 256,000 simultaneous connections, far exceeding the capabilities of a UNIX- or Windows-based OS on equivalent hardware. The PIX OS syntax is similar to the Cisco Internetwork Operating System (IOS), meaning a flatter learning curve for anyone familiar with Cisco software.
The Adaptive Security Algorithm (ASA) determines if packets should be allowed through the firewall in accordance with policy implemented on the firewall. The PIX evaluates packet information against existing state information and decides whether or not to pass the packet.
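The following is a simplified illustration of evaluating a packet against existing state before consulting policy. It is an added example, not Cisco's ASA implementation and not code from the book. The `StatefulFilter` class, the policy format, and the default of permitting inside-initiated flows are assumptions, and all addresses are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool    # True if received on the outside interface
    flags: str = ""  # TCP flags: "S", "SA", "A", "R", ...

class StatefulFilter:
    """Toy model: state table lookup first, policy only for new flows."""

    def __init__(self, allowed_inbound):
        # Policy (assumed format): (proto, dst, dport) reachable from outside.
        self.allowed_inbound = set(allowed_inbound)
        self.state = set()  # flows stored as initiator -> responder 5-tuples

    def check(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        # 1. Existing state: packet belongs to a flow already permitted.
        if fwd in self.state or rev in self.state:
            if p.proto == "tcp" and "R" in p.flags:
                self.state -= {fwd, rev}  # a reset tears the flow down
            return "pass"
        # 2. No state: a TCP flow may only begin with a bare SYN.
        if p.proto == "tcp" and p.flags != "S":
            return "drop"
        # 3. New flow: inside-initiated is permitted (assumed default);
        #    outside-initiated must match the policy.
        if p.inbound and (p.proto, p.dst, p.dport) not in self.allowed_inbound:
            return "drop"
        self.state.add(fwd)
        return "pass"

def demo():
    fw = StatefulFilter({("tcp", "192.0.2.10", 443)})
    inside, web, ext = "10.0.0.5", "198.51.100.7", "203.0.113.9"
    pkts = [  # constructed sample traffic
        Packet("tcp", inside, 40000, web, 80, False, "S"),       # outbound SYN
        Packet("tcp", web, 80, inside, 40000, True, "SA"),       # reply, matches state
        Packet("tcp", ext, 5555, inside, 22, True, "S"),         # unsolicited inbound
        Packet("tcp", ext, 5555, inside, 40000, True, "A"),      # stray ACK, no state
        Packet("tcp", ext, 6000, "192.0.2.10", 443, True, "S"),  # published server
        Packet("tcp", web, 80, inside, 40000, True, "R"),        # reset on known flow
        Packet("tcp", web, 80, inside, 40000, True, "A"),        # after teardown
    ]
    return [fw.check(p) for p in pkts]
```
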
The information flow control policy is an expression of the information that is allowed to flow through the network. A sample policy might be, "If the datastream was initiated by someone...