The Cisco Secure PIX Firewall family are dedicated firewall appliances which control the flow of Internet Protocol (IP) traffic (datagrams) between network interfaces. They provide a single point of defence as well as controlled and audited access to services between networks by permitting or denying the flow of information traversing the firewall.
The Cisco Secure PIX Firewall is an integrated unit with an embedded operating system that increases security and performance. The evaluated platforms include the Cisco Secure PIX Firewall 501, 506/506E, 515/515E, 520, 525 and 535 with the 6.2(2) software release.
Additional information can be found in the "Installation and Configuration for Common Criteria EAL4 Evaluated Cisco Secure PIX Firewall Version 6.2(2)".
Recommendations for Australian/New Zealand Government Use:
Section 2.2 of the Security Target (ST) discusses the scope and boundaries of the evaluated configuration, with Table 2 describing the configuration of the computer required to receive the audit logs generated by the PIX firewall, which Cisco refers to as the PFSS (PIX Firewall Syslog Server). As the computer was outside the Target of Evaluation (TOE), it was not evaluated as a part of the PIX's evaluation. In addition, paragraph 18 of the Certification Report (CR) states that the PFSS software was also outside the scope of evaluation.
As neither the PFSS software nor the operating system that it runs on (Windows NT 4.0 Service Pack 6a) was evaluated, Australian and New Zealand Government users are advised that paragraph 73 of the CR should be interpreted as "Potential Australian and New Zealand Government consumers of the TOE should also ensure that the machine allocated to the storage and review of audit data generated by the TOE has adequate assurance to meet their needs and the audit related assumptions listed in section 3.4 of the ST. Agencies may choose to use the configuration described in the ST and CR but this is not a requirement.