Moving to help its customers manage their security architectures and help those systems keep up with traffic, Cisco Systems Inc. on Wednesday announced new software for its Pix Firewall platform and the availability of new hardware models to join that line.
The introductions come as Cisco labors to expand its popular security and intrusion-detection tools to deal with growing traffic and new ways of using data networks. As part of the software upgrade, the dominant router and data-switch vendor also introduced software features for securing IP phone calls and multicast traffic.
"While we're trying to secure the network, the network's getting more diverse all the time," said Mike Volpi, senior vice president of Cisco's Internet Switching & Services Group, in a news briefing at Cisco's headquarters here.
In addition to supplying the routers and switches used in many enterprise networks worldwide, Cisco offers several popular tools to keep those networks secure. They include the Pix firewalls, a software router integrated with its router software, and an appliance built for VPN (virtual private network) termination. For intrusion detection, Cisco offers a standalone appliance, a hardware module for Cisco Catalyst 6000 switches and a software product.
Version 6.2 of the Pix Firewall Operating System will allow firewalls at remote sites to serve as end points of a VPN and automatically download new configurations and policies as VPN tunnels are established, said Richard Palmer, vice president and general manager for VPN & Security Services at Cisco. This will make it easier for large enterprises to deploy thousands of firewalls across an organization, he said.
The software upgrade also adds features to help the firewalls secure voice traffic that uses the H.323v2 protocols and Session Initiative Protocol (SIP). In addition, support for a function called Stub Multicast Routing will allow customers to securely use multicasting, a bandwidth-conserving way of sending one stream of data to many places, according to Cisco.
The Pix 506E and 515E firewalls introduced Wednesday are similar to the outgoing Pix 506 remote-office firewall and Pix 515 for small and medium-sized businesses, but with much higher throughput, according to Cisco. Added processing power helped the new models achieve up to two and a half times the maximum data throughput of the previous models, the company said in a statement. Pix 515E models can also be purchased with integrated hardware-based acceleration of VPN functions, boosting VPN speed while offloading work from the firewall's central processor.
The Pix 506E and 515E Firewalls are available now, priced starting at US$1,695 for the 506E and $3,495 for the 515E. Version 6.2 of the Pix operating system will be available by the end of this quarter and is free to customers with a current Cisco Smartnet contract.