Interesting. I just purchased a PIX 506e for a client based on my understanding that it could support VLANs, but according to the document above it doesn't support logical interfaces. According to the data sheet for the 506e it does. If it doesn't support logical interfaces the perhaps someone could explain what this means?

VLAN-based virtual interfaces

· Provides increased flexibility when defining security policies and eases overall integration into switched network environments by supporting the creation of logical interfaces based on IEEE 802.1q VLAN tags, and the creation of security policies based on these virtual interfaces

· Supports multiple virtual interfaces on a single physical interface through VLAN trunking, with support for multiple VLAN trunks per Cisco PIX Security Appliance

· Supports up to 2 VLANs on a Cisco PIX 506E Security Appliance, providing a low-cost DMZ-enabled security solution that enables businesses to securely host Web servers, e-mail servers, and other services with the Internet or extranet environments

Taken from:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b13.html

My goal is to create a vlan on the inside interface for a DMZ and use the pix to route between them. Perhaps I should have bought a 1711 Router instead.

Aaron

Don't worry, if the marketing paper, as the Data Sheet, says that the 506E supports VLAN then it will support VLAN.

Cisco changed multiple time, in the last 12 month, features on the 506 and 501 PIX Firewall. Most of the documentation was never changed since then.

sincerely

Patrick

Thank you for clarifying. Currently my client doesn't have a need for more than two interfaces, but having the capability to add dmz functionality in the future was a big selling point.