Cisco PIX Firewall now available with enhanced network security and reliability

SAN JOSE, Calif. - November 4, 1996 - Cisco Systems, Inc. today announced new technology for the Cisco PIX Firewall that boosts network performance for Internet and intranet access.

The new embedded technology, Cut-Through Proxy, provides faster network throughput and minimizes network bottlenecks while protecting networks from outside intrusion. Additionally, Cut-Through Proxy offers enhanced user authenticationcapabilities through streamlined verification of authorized network users based on industry security standards databases TACACS+ and RADIUS. Unlike UNIX-based firewalls, the Cisco PIX Firewall with the new authentication technology offershigher performance and less data degradation through centralized verification of users at the authentication server.

Based on stateful, connection-oriented security, the Cisco PIX Firewall (V3.0) is a standalone hardware device that isan integral part of Cisco's overall network security solution and is interoperable with (TM) software. Protecting internal networks from the outside world, the Cisco PIX Firewall uses a secure real-time embedded system. This standalone architecture cuts down on network overhead, enabling the Cisco PIX Firewall to deliver enterprise-widescalability supporting over 16,000 simultaneous network connections.

"To build fast and secure networks, users need to look at two key issues - performance and reliability. With the Cisco PIX Firewall and key security functionality in Cisco IOS software, network managers now have a comprehensive security solution that is compatible with other network devices and supports popular high-speed technologies such as Token Ring and Fast Ethernet," said Frank Roys, product marketing director of Cisco's Internet Business Unit. "Cisco has pioneered hardware solutions that improve network performance, and we leveraged this experience in the Cisco PIX Firewall."

High-Performance Firewall

With Cut-Through Proxy technology, the Cisco PIX Firewall increases the speed of security verification in a network by radically reducing the network overhead associated with UNIX-based proxy server firewalls. Most UNIX-based firewalls perform extensive processing on each data packet, slowing down network traffic.

The Cisco PIX Firewall's Cut-Through Proxy technology reduces the amount of data processing cycles necessary for each user to be authenticated. Cisco's Cut-Through Proxy authenticates users at the application layer like a proxy server, but once the user is authenticated, the Cisco PIX Firewall shifts the session flow, establishing a direct link between the source and destination while maintaining session state information. This cut-through capability provides faster network performance without sacrificing the security of the network.

Redundant Network Security

For users with mission-critical needs, Failover/HotStandby enables network managers to achieve maximum network uptime by removing a single point of failure in a user's security architecture. Failover/HotStandby allows one Cisco PIX Firewall to be supported by the second so that if the primary unit should go down, the secondary unit automatically takes over without loss of system integrity.

"Performance is a key requirement for any network security product," said Ted Julian, Internet research manager at International Data Corporation. "In addition to better throughput, faster performance allows security to be more transparent. Any security component that introduces a bottleneck creates incentive for users to go around it - defeating the purpose of the product to begin with."

Virtual Private Networks

Cisco offers cost-effective virtual private networking solutions based on the Cisco PIX Firewall. With the PIX Private Link encryption card, the Cisco PIX Firewall provides secure communications over the Internet through the use of Data Encryption Standard (DES). The PIX Private Link encryption card now offers support for the proposed IETF standard, AH/ESP, which offers users a new methodology to encapsulate encrypted data.

Availability

The Cisco PIX Firewall is available now with configurations supporting from 32 to over 16,000 simultaneous TCP sessions. Software upgrades are available at no additional charge for all customers of Cisco's SmartNet(TM) program, Cisco's technical support service.

Cisco Systems (NASDAQ:CSCO) is the leading global supplier of internetworking solutionsfor corporate intranets and the global Internet. Cisco's products---includingrouters, LAN and WAN switches, dial-up access servers and network managementsoftware---are integrated by Cisco IOS^TM software tolink geographically dispersed LANs, WANs and IBM networks. Company news andproduct/service information are available at World Wide Web site http://www.cisco.com/. Cisco is headquartered in San Jose,Calif.

# # #

Cisco IOS, SmartNet andCisco Systems are trademarks, and Cisco and the Cisco Systems logo are registered trademarks ofCisco Systems, Inc. All other trademarks, service marks, registered trademarks or registered service marks mentioned in this document are the property of their respective owners.