Firewall Overview PI X 506 E PI X 6.3 55 No Yes Catalyst 6500 FWSM FWSM 2.2+ 0 Yes 1 No 1100 No Yes 1100+ Yes Yes 1100+ Yes Yes 16 PIX 501 Operating System IDS Failover AAA and Cut- Through Proxy Command- Line Inter- face PIX 515E PIX 6.3, PIX 7.x+ 55 Yes Yes PIX 525 PIX 6.3, PIX 7.x+ 55 Yes Yes PIX 535 PIX 6.3, PIX 7.x+ 55 Yes Yes ASA 5510 ASA 5520 ASA 5540 PIX 6.3 55 No Yes Con- sole, Telnet, Secure Shell (SSH) PIX De- vice Man- ager (PDM), VPN/ Secur- ity Man- age- ment Solu- tion (VMS), Auto Update Static, RIP Con sole , Tel- net, SS H PD M, VM S, Aut o Up- date Console, Telnet, SSH Console, Telnet, SSH Console, Telnet, SSH Telnet, SSH Con- sole,Tel- net, Se- cure Shell (SSH) Con- sole,Tel- net, Se- cure Shell (SSH) PDM/ ASDM, VMS, Auto Up- date Con- sole,Tel- net, Se- cure Shell (SSH) Manage- ment Plat- forms PDM/ ASDM, VMS, Auto Up- date PDM/ ASDM, VMS, Auto Up- date PDM/ ASDM, VMS, Auto Up- date PDM, VMS PDM/ ASDM, VMS, Auto Up- date PDM/ ASDM, VMS, Auto Up- date Routing Stat ic, RIP , OS PF 1 Yes Static, RIP, OSPF Static, RIP, OSPF Static, RIP, OSPF Static, RIP, OSPF Static, RIP, OSPF Static, RIP, OSPF Static, RIP, OSPF Security Contexts VPN-Ca- pable 1 Yes 5 Yes 50 Yes 100 Yes 100 No 2 1 Yes 10 Yes 50 Yes 1 The FWSM supports only LAN-based failover, because it has no physical failover cable connector. 2 The FWSM doesn't support any IPSec VPN features except for a 3DES tunnel that is used for management purposes. Basic Security Policy Guidelines As you plan your security policies and configure your firewall, you should keep several things in mind. Rather than presenting a long treatise on security policies and how to protect against vulner- abilities and attacks, this small section provides a short list of rules of thumb. If you follow these suggestions, you should be able to configure a firewall to provide the best possible protection. · Gather and review firewall logs regularly.