For the PIX 525 and PIX 535, the maximum configuration file size limit is increased to 2 MB for PIX Firewall software Versions 5.3(2) and higher. For other PIX Firewall platforms and earlier software versions, the maximum configuration file size limit remains the same. (In these cases, the maximum configuration size is most likely 1 MB.)
While configuration files up to 2 MB are now supported on the PIX 525 and PIX 535, be aware that such large configuration files can reduce system performance. For example, a large configuration file is likely to noticeably slow execution times in the following situations:
- While executing commands such as write term and show conf
- Failover (the configuration synchronization time)
- During a system reload
Cisco Secure Policy Manager (Cisco Secure PM) may also experience limitations if a PIX Firewall configuration file near 2 MB is used, and the optimal configuration file size for use with Cisco PIX Device Manager is less than 100 KB (which is approximately 1500 lines).
The number of simultaneous connections on the 515 is 125,000, so you won't exceed that, and the number of ACLs the PIX can handle is in the hundreds of thousands (for example, the PIX 535 can handle 2 million ACLs and the Cat6k FWSM can handle 128,000).
Basically what I am saying is that the PIX should be able to handle it.
We spoke with the TAC early in our deployment of our "core" firewall, which connects all of our production Ethernet networks. The TAC told us that we needed a network-specific static for all internal networks that needed to talk to lower security number networks.
We have thousands of hosts statically mapped internally using only a few statements.
For example (note, not all of our networks communicate):