Footnotes
^ Only the first few NTI PIXs came with the 486 processor; the rest came with a Pentium processor.
^ The "inside" port is connected to an internal, unmanaged, auto-polarity 4 port switch.
^ Restricted package / Unrestricted package limits (referred to by Cisco as R and UR/FO/FO-AA, respectively). For PIX-525, RAM configurations above 384 MB are not supported by Cisco however up to 3x 256 MB work for a maximum of 768 MB.
^ According to Cisco, the 1000baseSX card is not officially supported by the 515/515e, but it will work.
^ VAC acceleration vs VAC+ (in parenthesis) acceleration (Implies Unrestricted package).
^ Older 520s made before February 2000 and with a serial number less than 18025677 shipped with a 2 MB flash card. Newer 520s shipped with a 16 MB flash card .
^ The WS-SVC-FWM-1-K9 blade has no fixed ports or internal expansion; it makes use of either VLAN interfaces (being used by physical interfaces on a remote switch) or the physical interfaces on the switch/router it is installed in.
^ PIX Classic firewalls with a serial number of 06002015 or lower came with a 512 KB flash card. Newer models came with a 2 MB flash card .
^ The WS-SVC-FWM-1-K9 blade only supports IPSec VPN for management. It doesn't have the ability to terminate a VPN connection for remote users.
^ The PIX 520 received updated PII processors as they became available, starting with the PII 233 and ending with the PII 350. The Intel-manufactured SE440BX-2 ATX motherboard in the 520 can support any Slot1 processor from the Celeron Covington, Celeron Mendocino, Pentium II Klamath, Pentium II Deschutes, and the Pentium III Katmai families, as long as the cpu uses 2.0 V core voltage and can run on a 66 or 100 MHz fsb. One may also use 133 MHz FSB CPUs, but they will run at lower speeds, for example a 933 MHz CPU for 133 MHz FSB will only run at 700 MHz. A slotket can also be used to install the newer 500 MHz - 1.1 GHz Socket 370 Pentium III Coppermine cpus, as long as the slotket provides a voltage regulator and manual bus speed selector. Using the PowerLeap PL-iP3 converter, Tualatin processors can be used. A BIOS upgrade to the latest level of the SE440-BX2 is required. Using the bus-speed settings on the Powerleap, speeds of 1.6 GHz are possible.
The PIX 520 rev A firewalls may use the Intel AL440LX motherboard instead of the SE440BX-2. The AL440LX may be replaced by a SE440BX-2 motherboard, which is found in the 520 rev B.
^ Cannot be easily upgraded, due to clearance issues with the top cover.
^ In early 2005, Cisco indicated that PIX OS 7.x would only support the 515, 515e, 525, and 535, while a "stripped-down" version would eventually be released for the 501 and 506e. While not officially supported, it is actually possible to update the 506E to 7.x code by removing all GUI management software.
^ The maximum OS version one can run with a 512 KB card is 4.2(2). The maximum OS version one can run with a 2 MB card is 5.1(x). The maximum OS version with a 16 MB card is 6.3(5), unless one is using a PIX 535. OS version 5.2(4) and higher explicitly does not support the Intel 440FX chipset.
^ Shows flash chips on the 2 MB flash card versus the chips on the 16 MB flash card.
^ Various models of the 525 use different flash chips, probably due to differing production runs.
^ Shows flash chips on the 512 KB flash card versus the chips on the 2 MB flash card.
^ While the PIX 535 boots off of the same ISA flash card as some PIX 510s and 520s (the PIX-FLASH-16MB) its newer on-board PIX BIOS (version 4.x) overrides the PIX BIOS on the flash card (version 3.6) at boot.
^ Since both the 510 and 520 have standard ATX motherboards, the PCI slot count can be higher or lower than the default if the motherboard is replaced with a different one.
^ The performance figures cited here are highly changeable, as one can upgrade the CPU in the PIX 520 to a 1 GHz Pentium III, which will considerably increase its throughput in all of the below categories, putting it on a level with the 525 and 535.
^ According to a 2000 field notice, due to a "procedural error", PIX 525s with serial numbers 44480380055 through 44480480044 were manufactured with erroneous or omitted EEPROM programming in their 82559 chips that caused the onboard FastEthernet ports to behave erratically when set to full-duplex. Starting with PIX OS 5.3.1, the "eeprom update" command will reprogram the defective data and restore normal operation permanently. Viewing the field notice requires registration . Most, if not all, 525s in use today within that range have likely been corrected, but an unused or unopened unit within that range would still need the corrective action to be taken.
^ It is theoretically possible to upgrade the Socket 8 Pentium Pro processor in the PIX Classic and 10000 with either an Intel Pentium II Overdrive (300 or 333 MHz depending on the system bus speed) or a Powerleap PL-Pro/II Celeron adapter, both of which are long out of production. The Powerleap adapter natively can allow use of a 300 - 533 MHz Mendocino Celeron PPGA processor. Coupled with the Powerleap Neo S370 FC-to-PPG adapter, one can use a 533 - 766 MHz FC-PGA Coppermine-128 Celeron processor. However, the 60 or 66 MHz bus (no 100 MHz bus) and 72-pin SIMM memory limitations of the workstation-style 440FX board used limit the potential gains in performance to be had from such upgrades. Upgrading the motherboard to a compatible server-style 440FX board with DIMM slots may allow for the use of the 440FX chipset's theoretical limit of 1 GB of RAM, although if the motherboard is to be replaced, it may arguably be more cost-efficient to upgrade to a SE440BX-2 motherboard with a slocket and Tualatin Celeron CPU. It is also worthwhile to note that PIX OS later than 5.3.4 explicitly does not support the 440FX chipset.
^ The PIX 525 is known to come with a variety of processors including 1.65 V 600 MHz (SL3VH) and 1.75 V 600 MHz (SL5BT). It would appear that all 1.65 V to 1.75 V 100 MHz FSB CPUs would work, this has been substantiated to 1000 MHz with a SL5QV 1.75 V CPU.
^ The first PIX Classics did not support failover. Only after this feature debuted with the LocalDirector did it come to be included in the later PIX Classics.
^ Proof of successful overclocking of Cisco Pix 506E with mainboard, socket and circuits modification for 1.2 GHz P3(Tualatin core) is on the photos. This mod was done by someone called i8.
Read more about this topic: Cisco PIX