06-07-2004 04:57 AM - edited 02-20-2020 11:26 PM
Has anyone got any news regarding the OS release 7 of PIX firewall?
Any information as to what new features it will support, what the minimum requirements are and when it would be available?
06-14-2004 09:39 PM
Firewall Features:
Security Contexts (i.e. Virtual Firewall) on PIX 515E, 525 and 535 UR/FO models (Separate license required)
Transparent (L2) Firewalling
Application/Protocol Inspection Engines (formerly known as Fixups):
Advanced HTTP Inspection Engine
Method Policing for HTTP methods defined in the RFC as well as extension methods.
Port 80 Misuse detection
ESMTP Inspection Engine
GTP/GPRS Inspection Engine (Separate license required, not supported on PIX 501/506/506E)
NAT and PAT support for MGCP Inspection Engine
NAT support for RTSP Inspection Engine
H.323 Inspection Engine enhancements (T.38 and GKRCS)
FTP Inspection Engine support for command filtering (GET, PUT etc.)
Stateful ICMP Inspection Engine
Sun RPC TCP Inspection Engine
NIS+ Inspection Engine
TCP stream reassembly for Inspection Engines
All inspection engines have the ability to be enabled or disabled via configuration
Ability to configure inspection engines on an interface, network, or host basis
Outbound ACLs
Time-based ACLs
Configuring NAT policy will not be required to pass traffic through the device. NAT no longer a prerequisite for firewalling
Option to pass traffic between interfaces with the same security level (knob to change default PIX behavior)
URL filtering performance enhancements
VPN Features:
Are You There (AYT) support for Cisco Security Agent (CSA)
TCP based NAT transparency
VPN Hub, client-to-client routing; traffic u-turn on interface
Block VPN clients by OS and type
Support for Diffie Hellman Group 7 (ECC) and Movian VPN Client
IKE DoS safeguards (Aggressive Mode knob)
Support for n-tiered X.509 certificate chaining
Manual X.509 certificate enrollment (PKCS 10/7 support)
Network Integration Features:
Increased number of VLANs supported per platform
Increased number of physical network ports supported on PIX 525/535
IPv6 phase 1 support (firewall only) - Statement of Direction for IPv6 and Cisco Firewall
Dual IP stack supporting IPv4 and IPv6
Neighbor discovery
Security checks of IPv6 header, including extension headers
ICMPv6 support
Protocol support: TCP, UDP, FTP, HTTP, ICMP, SMTP
Management access to the device using HTTP, SSHv1, SSHv2 and Telnet will be supported for both IPv4 and IPv6.
Ping to and from the device will also be supported for both IPv4 and IPv6.
PIM Sparse Mode Multicast support
Low Latency Queuing (LLQ) - controls latency when the system is under load.
Policing - provides rate limiting of the maximum transmission rate for tunneled traffic for remote access and site-to-site tunnels.
Reverse Route Injection (RRI) for OSPF
Resiliency Features:
Active-active failover - this will initially support Firewall and NAT only. (Two UR license systems required)
VPN stateful failover
Authentication, Authorization and Accounting (AAA) Features:
Support multiple RADIUS accounting servers
Accounting for management traffic - generates AAA accounting records for management connections to the device.
Native Windows NT/Active Directory user authentication support (VPN only)
Native SDI/RSA SecurID user authentication support (VPN only)
Management Features:
SSHv2
SCP (Secure Copy support)
SNMPv2c
IPSec Flow Monitoring MIB support
Enhanced Ping
TCP syslog server failure policy
Multiple configurations stored in flash
Multiple images on flash
IOS-like CLI parser (command aliasing, contextual help, command completion, etc.)
Certification - Details
ICSA IPSec ready
ICSA Firewall ready
Common Criteria EAL4+ ready
07-21-2004 07:36 AM
Any idea for when it will be released?
07-22-2004 07:24 AM
I heard September, if all goes to plan. There's an awful lot of features in it, some of which are really desirable...
J
07-22-2004 09:18 AM
My SE told me it's due out this month, and to keep watching the download page.
Andy