Twelve years after its 1995 acquisition of PIX (Private Internet EXchange) creator - Network Translation, Inc., Cisco has quietly released:
End-of-Sale (EOS) Notice for Cisco PIX Products
The Cisco EOS notice covers all PIX security appliances, software, accessories and licenses for:
 |
PIX 501 PIX 506E PIX 515E PIX 525 PIX 535 systems and spares |
|
Cisco PIX Software Releases 6.2, 6.3, 7.0, 7.1, 7.2, and 8.0 |
|
All accessory items such as power supplies, I/O cards, memory upgrade kits, VPN Accelerator Card Plus (VAC+) cards and software licenses. |
Cisco PIX EOS Dates
| Milestone |
Explanation |
Date |
| External announcement |
The date when the end of sale and end of life of a product is announced to the general public. |
January 28, 2008 |
| End-of-sale date for platforms/bundles |
The last date to order the platform and bundles. |
July 28, 2008 |
| End-of-sale date for accessories |
The last date to order the accessories. |
January 27, 2009 |
| End of software maintenance releases |
The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. |
July 28, 2009 |
| End of new service attachment date |
For equipment and software that is not covered by a service-and-support contract, this is the last date to order a new service-and-support contract or add the equipment and/or software to an existing service-and-support contract. |
July 28, 2009 |
| End of service contract renewals |
The last date to extend or renew a service contract for the product. The extension or renewal period cannot extend beyond the last date of support. |
October 23, 2012 |
| End of support/end of life |
The last date to receive service and support for the product. After this date, all support services for the product are unavailable, and the product becomes obsolete. |
July 27, 2013 |
So far, the Linux platform based Unified Threat Management (UTM) solution vendor Astaro, has been the only competitor to address the Cisco PIX end-of-sale notice by announcing its Upgrade Your Cisco PIX trade-in program.
Over 100,000 IT administrators entrust their network with security appliances from Astaro.
The Astaro trade-in program offers Cisco PIX users 20% off the list price on all Astaro hardware, software and maintenance for 3 or 5 year agreements, with the return of a Cisco PIX firewall appliance.
 "Astaro’s ease of use and robust feature set has always made us an effective platform that Cisco Pix users upgraded to," said Jan Hichert - Astaro CEO.
"When companies announce the end-of-life of an appliance line it essentially means that the product and the technology is now obsolete." "Now with users forced to choose a migration path, we want to make sure that PIX users know there is an option available that can increase their protection and save them money vs. the ASA path being offered by Cisco." |
Astaro vs. Cisco PIX
| Astaro Security Gateway |
Cisco PIX |
| Astaro WebAdmin is intuitive, so even basic users can build rules and make changes without special training. | Proprietary command line IOS interface is realistically usable by certified personnel only. |
| All configuration done with included WebAdmin GUI. |
Rudimentary GUI supported offered via the Cisco Device Manager only. |
| Offers over 7000 IDS patterns standard, in addition to firewall, VPN, routing, NAT, and more. | Acts as a firewall/vpn/router only. IPS has a poor amount of patterns/attacks base. |
| VPN Performance from 50-600+ Mbps using AES or 3DES technology in various configurations. | Low VPN Performance, even on high-end models (under 100 Mbps). |
| ASG base model 120 offers 512MB RAM, with up to 4GB on higher models. Uses latest processors from Intel. | Low hardware specifications yield poor throughput. (32MB RAM, 16 MB flash RAM). |
| SSL VPN Support comes Standard /w Unlimited clients included free of charge. | No SSL Roadwarrior VPN support. |
Astaro vs. Cisco Adaptive Security Appliances (ASA)
| Astaro Security Gateway |
Cisco ASA 5510/5520/5540 |
| Full SSL VPN /w Unlimited Clients included. | 2 SSL VPN Licenses included for demo/evaluation. Additional purchase required. |
| Base functionality includes Firewall, Roadwarrior VPN, Site-Site VPN, Intrusion Detection & Prevention, and Basic Web & Email Filtering. | Only Firewall and VPN included in base functionality. |
| No add-in slots required to enable all UTM features on the same platform. | 1 Add-in slot for expanding functionality to include IPS, more ports, or Filtering. |
| Intrusion Prevention & Detection included standard with over 7000 patterns. | IPS only available with AIP SSM add-in card at extra charge. |
| Dual AV Engines, Anti-Spyware, Anti-Phishing, Content Filtering, and Malware blocking available with just a software license. | AV/Anti-Spyware/File Blocking only available with CSC SSM add-in card. |
| 8 x 10/100/1000 Ethernet ports based on model selected. | 5 Ethernet ports in various 10/100/1000 configurations depending on model. |
| 7th Generation WebAdmin GUI uses immersive technology tools like AJAX and Javascript to produce a clean, fast, and effective management platform. | 1st Generation GUI is kludgy and dated. |
| Offers true UTM functionality by including all features on a single box. | Not possible to outfit ASA with all offerings due to expansion port limitations. |
| Web Filtering offers access to more than 39 million categorized sites and over 2.5 billion URL’s and objects. Profile creation allows selection of sites in over 50 categories. | The ASA Anti-X option includes some basic web filtering capabilities only. To get advance web filtering comparable to Astaro's you have use external subscription services from 3rd party URL partners. |
Astaro vs. Competitors
 |
 |
 |
 |
 |
 |
 |
 |
|
| Choice of hardware or software solution |
 |
 |
|
|
|
|
 |
|
| Intuitive web-based GUI for complete system management |
|
|
|
|
|
|
|
|
| One-click VPN for easy SSL remote access (free of charge) |
|
|
|
|
|
|
|
|
| IPsec, SSL, PPTP and L2TP VPN support on all appliances |
|
|
|
|
|
|
|
|
| Dual, independent anti virus engines |
|
|
|
|
|
|
|
|
| Clientless email encryption (TLS, S/MIME, OpenPGP) |
|
|
|
|
|
|
|
|
| Virus scanning for encrypted emails (S/MIME & OpenPGP) |
|
|
|
|
|
|
|
|
| Extensive set of multiple spam detection capabilities |
|
|
|
|
|
|
|
|
| Quarantine for spam mails on local hard drive |
|
|
|
|
|
|
|
|
| Time, user and group based URL filtering policies |
|
|
|
|
|
|
|
|
| Prevent spyware infection and hidden "phone home" communication |
|
|
|
|
|
|
|
|
| Automatic system software updates |
|
|
|
|
|
|
|
|
| End user self servicing portal for spam and VPN management |
|
|
|
|
|
|
|
|
| Active/Active cluster with integrated load balancing |
|
|
|
|
|
|
|
|
| VMWare support
|
|
|
|
|
|
|
|
|
Curious to know what method Astaro will deploy to jettison returned Cisco PIX trade-in units?
Related Story:
| Network World | Cisco sets last sale date for PIX firewall |
About Brad Reese on Cisco
Brad Reese is research manager at BradReese.Com, advancing the careers of 1 million certified individuals in the growing Cisco Career Certification Program.
Contact him.
Brad's blogroll
Brad Reese on Cisco archive.
Cisco Subnet
|
|
What will Astaro do with PIX?
With support being such a bear, I doubt if Astaro will do much with returned PIX boxes other than to use them as glorified paper weights. To the recycle bin they will go.
antiquated technology was tops in its heyday
PIX is an antiquated technology that enjoyed a great run but truth be told, its annual service contract cost more than buying a new device from a competitor. The point is to get these obsolete appliances out of peoples' networks and into places like the Smithsonian.
Cisco vs. Astaro Confusion
Received the following private email message:
---------------------------
Brad/Reggie—
Thought the chart comparing Cisco vs. Astaro to be interesting, but I was confused.
I teach Cisco firewalls as part of my job, and in the class I taught last week, I gave lessons on:
Cisco GUI management (ASDM, which is actually second-generation at least after PDM, even if you don’t count the PDM and SDM revisions);
One-click VPNs via wizards;
Time, User and group-based URL filtering and traffic filtering
Active/Active clustering
I don’t mind looking at competitive products in the marketplace, but I do find it odd to misstate the capabilities of any competitor simply to make Astaro look better.
I was ready to forward your email out to my customers, but the misstatements in the email make me reluctant to give them information about your product with the incorrect information about other products included.
Did I miss something?
Official response from Astaro
The chart you used in the story was actually made by Astaro marketing, which of course usually assumes the best case using challenge words, something that Astaro competitors do as well.
It is also quite old, and needs updating.
1. For the GUI, Cisco uses the word intuitive, which of course is open to debate depending on whom is using the GUI.
A person who is Cisco expert and heavily familiar with the Cisco GUI, probably can move through it quite quickly.
The point Astaro is trying to make is that its WebAdmin is considered easier and more intuitive to use, not that Cisco has no GUI at all.
Suggest that Astaro marketing reword this.
---------------------------
2. In regards to One-Click VPN, Astaro's focus is more on the Free of Charge statement, since ASA does have SSL vpn, (Astaro is not web portal based but rather a full IP ssl vpn) however Cisco offers only a 2 client sampler free of charge, not unlimited clients for multi-OS’s as part of the base price.
Being a marketing chart, Astaro once again is shining the light in the best possible way for Astaro.
---------------------------
3. For the URL filter, this is incorrect as ASA does this, optionally, however this statement was supposed to have the Edirectory SSO and AD SSO in it, thus making the checkboxes correct.
---------------------------
4. Active/Active clustering should read as Zero Configuration One Click Active-Active Clustering indicating Astaro’s feature requires no setup at all, simply plug in a new Astaro and the first one will assimilate it and build the cluster automatically.
It appears Astaro marketing took a few liberties here on this chart.
Sincerely,
Brad Reese
http://www.BradReese.Com
I find the argument that the
I find the argument that the PIX is realistically usable only by Cisco certified staff to be a bit of a feature, when compared to allowing basic users to configure a firewall, as Astaro would have you believe.
Does the argument carry then that if you were replacing your PIX in the data center, you would also no longer need those certified staff's knowledge of proper security techniques and best practices? Or does Astaro GUI provide that also? Maybe they have their version of MS's 'Clippy' to help you along?
Sounds to me that Juniper's Netscreens will be getting a close look when it comes time to replace the PIX's in places where security really matters.
some truth
I maintain a cisco pix for my employer. I have a very good understanding of and ability to implement best security practices. I sure as hell can't do it on a Pix. They us a very specific command structure that is different from any other Cisco equipment, classes are difficult to find, and even consultants who understand the PIX are difficult to find. I do minimal maintanence and use the pay and pray method (pay someone to do it and hope they understand what I want).