Twelve years after its 1995 acquisition of PIX (Private Internet EXchange) creator - Network Translation, Inc., Cisco has quietly released:
End-of-Sale (EOS) Notice for Cisco PIX Products
The Cisco EOS notice covers all PIX security appliances, software, accessories and licenses for:
 |
PIX 501 PIX 506E PIX 515E PIX 525 PIX 535 systems and spares |
|
Cisco PIX Software Releases 6.2, 6.3, 7.0, 7.1, 7.2, and 8.0 |
|
All accessory items such as power supplies, I/O cards, memory upgrade kits, VPN Accelerator Card Plus (VAC+) cards and software licenses. |
Cisco PIX EOS Dates
| Milestone |
So far, the Linux platform based Unified Threat Management (UTM) solution vendor Astaro, has been the only competitor to address the Cisco PIX end-of-sale notice by announcing its Upgrade Your Cisco PIX trade-in program.
Over 100,000 IT administrators entrust their network with security appliances from Astaro.
The Astaro trade-in program offers Cisco PIX users 20% off the list price on all Astaro hardware, software and maintenance for 3 or 5 year agreements, with the return of a Cisco PIX firewall appliance.
 "Astaro’s ease of use and robust feature set has always made us an effective platform that Cisco Pix users upgraded to," said Jan Hichert - Astaro CEO. |
"When companies announce the end-of-life of an appliance line it essentially means that the product and the technology is now obsolete."
"Now with users forced to choose a migration path, we want to make sure that PIX users know there is an option available that can increase their protection and save them money vs. the ASA path being offered by Cisco."
Astaro vs. Cisco PIX
| Astaro Security Gateway |
Astaro vs. Cisco Adaptive Security Appliances (ASA)
| Astaro Security Gateway |
Astaro vs. Competitors
 |
 |
 |
 |
 |
 |
 |
 |
|
| Choice of hardware or software solution |
 |
 |
|
|
|
|
 |
|
| Intuitive web-based GUI for complete system management |
|
|
|
|
|
|
|
|
| One-click VPN for easy SSL remote access (free of charge) |
|
|
|
|
|
|
|
|
| IPsec, SSL, PPTP and L2TP VPN support on all appliances |
|
|
|
|
|
|
|
|
| Dual, independent anti virus engines |
|
|
|
|
|
|
|
|
| Clientless email encryption (TLS, S/MIME, OpenPGP) |
|
|
|
|
|
|
|
|
| Virus scanning for encrypted emails (S/MIME & OpenPGP) |
|
|
|
|
|
|
|
|
| Extensive set of multiple spam detection capabilities |
|
|
|
|
|
|
|
|
| Quarantine for spam mails on local hard drive |
|
|
|
|
|
|
|
|
| Time, user and group based URL filtering policies |
|
|
|
|
|
|
|
|
| Prevent spyware infection and hidden "phone home" communication |
|
|
|
|
|
|
|
|
| Automatic system software updates |
|
|
|
|
|
|
|
|
| End user self servicing portal for spam and VPN management |
|
|
|
|
|
|
|
|
| Active/Active cluster with integrated load balancing |
|
|
|
|
|
|
|
|
| VMWare support |
Curious to know what method Astaro will deploy to jettison returned Cisco PIX trade-in units?
Related Story:
| Network World | Cisco sets last sale date for PIX firewall |
Advertisement: |
Brad Reese cofounded BradReese.Com Cisco Refurbished which offers one year warranties on Cisco Refurbished and Cisco Repair.
The Leader in Network Knowledge
What will Astaro do with PIX?
With support being such a bear, I doubt if Astaro will do much with returned PIX boxes other than to use them as glorified paper weights. To the recycle bin they will go.
antiquated technology was tops in its heyday
PIX is an antiquated technology that enjoyed a great run but truth be told, its annual service contract cost more than buying a new device from a competitor. The point is to get these obsolete appliances out of peoples' networks and into places like the Smithsonian.
Cisco vs. Astaro Confusion
Received the following private email message:
---------------------------
Brad/Reggie—
Thought the chart comparing Cisco vs. Astaro to be interesting, but I was confused.
I teach Cisco firewalls as part of my job, and in the class I taught last week, I gave lessons on:
Cisco GUI management (ASDM, which is actually second-generation at least after PDM, even if you don’t count the PDM and SDM revisions);
One-click VPNs via wizards;
Time, User and group-based URL filtering and traffic filtering
Active/Active clustering
I don’t mind looking at competitive products in the marketplace, but I do find it odd to misstate the capabilities of any competitor simply to make Astaro look better.
I was ready to forward your email out to my customers, but the misstatements in the email make me reluctant to give them information about your product with the incorrect information about other products included.
Did I miss something?
Official response from Astaro
The chart you used in the story was actually made by Astaro marketing, which of course usually assumes the best case using challenge words, something that Astaro competitors do as well.
It is also quite old, and needs updating.
1. For the GUI, Cisco uses the word intuitive, which of course is open to debate depending on whom is using the GUI.
A person who is Cisco expert and heavily familiar with the Cisco GUI, probably can move through it quite quickly.
The point Astaro is trying to make is that its WebAdmin is considered easier and more intuitive to use, not that Cisco has no GUI at all.
Suggest that Astaro marketing reword this.
---------------------------
2. In regards to One-Click VPN, Astaro's focus is more on the Free of Charge statement, since ASA does have SSL vpn, (Astaro is not web portal based but rather a full IP ssl vpn) however Cisco offers only a 2 client sampler free of charge, not unlimited clients for multi-OS’s as part of the base price.
Being a marketing chart, Astaro once again is shining the light in the best possible way for Astaro.
---------------------------
3. For the URL filter, this is incorrect as ASA does this, optionally, however this statement was supposed to have the Edirectory SSO and AD SSO in it, thus making the checkboxes correct.
---------------------------
4. Active/Active clustering should read as Zero Configuration One Click Active-Active Clustering indicating Astaro’s feature requires no setup at all, simply plug in a new Astaro and the first one will assimilate it and build the cluster automatically.
It appears Astaro marketing took a few liberties here on this chart.
Sincerely,
Brad Reese
http://www.BradReese.Com
I find the argument that the
I find the argument that the PIX is realistically usable only by Cisco certified staff to be a bit of a feature, when compared to allowing basic users to configure a firewall, as Astaro would have you believe.
Does the argument carry then that if you were replacing your PIX in the data center, you would also no longer need those certified staff's knowledge of proper security techniques and best practices? Or does Astaro GUI provide that also? Maybe they have their version of MS's 'Clippy' to help you along?
Sounds to me that Juniper's Netscreens will be getting a close look when it comes time to replace the PIX's in places where security really matters.
some truth
I maintain a cisco pix for my employer. I have a very good understanding of and ability to implement best security practices. I sure as hell can't do it on a Pix. They us a very specific command structure that is different from any other Cisco equipment, classes are difficult to find, and even consultants who understand the PIX are difficult to find. I do minimal maintanence and use the pay and pray method (pay someone to do it and hope they understand what I want).