The Cisco FWSM is a high-speed, integrated firewall module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. Campus LAN Switches - Core and Distribution. Data Sheets. The Splunk Add-on for Cisco ASA provides the following source types: Source type. The Cisco Catalyst 6500 Series Firewall Services Module (FWSM) contains a Protocol Independent Multicast (PIM) Denial of Service Vulnerability. . Repeated exploitation could result in a sustained DoS condition. In the case of the FWSM, the only address available on the FWSM end of the tunnel is the interface itself. End-of-Sale and End-of-Life Announcement for the Cisco Security Manager (CSM) v4. Table 1. For Cisco product support, including documentation. 0. x with different licenses: Single Context Mode - Default Key (256 Interfaces) The interface count is set to 256 since we can only support a maximum of 256 interfaces in a single context firewall. July 18, 2016. End-of-Sale and End-of-Life Announcement for the Cisco UCS B230 M2 Blade Server 31/Oct/2014. FWSM Firewall Version 3. Once the virtual entity is formed, only one of the two supervisors is active at a time. Multiple vulnerabilities exist in the Cisco Firewall Services Module (FWSM). End-of-Sale Date. The information in this document is intended for end-users of Cisco products. i need help for upgrade ASDM and Software of a FWSM. Series Release Date. CSCtz14399 —Resolved in 15. Table 1. 3 all versions. 1(5) is a web-based application used to configure and monitor the Firewall Services Module (FWSM) on a Catalyst 6500 series switch or Cisco 7600 series router. 255. i have tftp access to the primary at the minute. Consult the PIX/ASA documentation for your PIX/ASA software version for detailed information. A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The virtual entity is perceived as one Catalyst 6500 switch by anyCisco announces the End-of-sale and End-of-life dates for the Cisco Catalyst 3750-X Series Switches. As per Cisco the above chassis part number & serial number as bundle are going to be end of life by Feb 2017 . 3 or earlier, or by the Cisco Adaptive Security Device Manager (ASDM) for Cisco FWSM Software v3. No matter how complex your current firewall policy is, the migration tool can convert configurations from any Cisco Adaptive Security Appliance (ASA) or Firewall Device Manager (FDM), as well as from third-party firewalls. The PIX technology was sold in a. 0. 1. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. The last day to. The virtual entity is perceived as one Catalyst 6500 switch by anyIn multiple context mode, each context supports at most 14,801 rules, but the actual number of rules supported in a context might be less, depending on how many contexts you have. Cisco develops, manufactures, and sells networking hardware, software, telecommunications equipment and other high-technology services and products. The Cisco FWSM is a high-speed, integrated firewall module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. January 1, 2006Options. July 18, 2016. They need to have a base PRO license in order to purchase a API license. Select the statement from the list below to find details on EOL for embedded OS and application software. FWSM. Cisco announces the End-of-sale and End-of-life dates for the Cisco Catalyst 3560 Series Switches. There are no known instances of intentional exploitation of this issue. A successful attack may result in a sustained DoS condition. x, and 8. 14 2361 Mar 11 2011 16:00:44 admin. 2 (2) FWSM up 6 days 8 hours. End-of-Sale and End-of-Life Announcement for the Cisco. PDM Version 4. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages. Utilize out-of-the-box reports on: User activity. The FWSM supports two virtual contexts plus one admin context for a total of three security contexts without a license. The Cisco FWSM is affected by multiple vulnerabilities, which are described in the following sections: DCERPC Inspection Buffer Overflow Vulnerability. IPv6 is the next generation of the Internet Protocol after IPv4. The last day to order the affected product(s) is April 30, 2024. The Cisco Catalyst 6500-E Series Switch offers the broadest range of. End-of-Life Notice. -WS-6509EXL-2FWM-K9: Cisco Catalyst 6509E 3BXL Security System with two FWSMs: There is no replacement. If you want support information for the Cisco. Critical Vulnerabilities in Apache Log4j Java Logging Library On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2. Contact Cisco. Table 1. 7016. The last day to order the affected product (s) is May 5, 2021. 2. EOS for Selective Cisco Catalyst 6503,Catalyst 6506 and Catalyst 6509 Chassis 08-Jan-2014. Additional resources. You can view a listing of available Firewalls offerings that best meet your specific. FPGA/EPLD Upgrade Note for Cisco Prime NAM-NX1, 6. You can specify the severity level number (0 through 7) or name. 3(3. 1 and FWSM 3. 0(4) to 4. 168. 3. Firewall Services Module Overview . Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Cisco Lifecycle Pay for Secure Firewall offers up to 10% off your payment when you return and upgrade your existing firewall. The last day to order the affected product(s) is November 4, 2022. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages. exe or fwsm_migration. Table 2 lists the product part numbers affected by this announcement. • Fixed System Resources. Regarding the three different ipservicesk9 options, SSH LAN only supports SSH connections to the switch. SYN cookies are a special feature that prevents a. Cisco ASA Services Module Installation Note 15-Jul-2011. Hi, Is FWSM Failover feature supported on a VSS environment? We currenlty have two 6509 with FWSM on both switches. New service contracts cannot be ordered since last fall. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Status. The Cisco ACE Application Control Engine Module has been retired and is no longer supported. Complete the steps in order to assign the firewall groups to the FWSM. Router (config)# firewall module module_number vlan-group firewall_group. 1 4. この製品はシスコがサポートしていますが、現在販売されていません。. Find accurate end of life & end of service life dates for Cisco WS-SVC-FWM-1 hardware. 0 and 6. A successful attack may result in a sustained DoS condition. Find out why a Cisco product has reached its end of life, what product upgrade and substitution options are available, and when these changes will take effect. If you want support information for. End Of Life of Catalyst 5000 ATM LAN Emulation Module 13/Mar/2015. Cisco announces the end-of-sale and end-of-life dates for the Cisco WAAS portfolio. 2 (18)SXF4. Here are some logs and diagnostic tests are attached: Before Reset: Dec 14 06:50:20. is this the correct procedure : Router# hw-module module slot-number reset cf:1. The FWSM offers firewall services with stateful packet filtering and deep packet inspection. Release Date: End-of-Sale Date: End-of-Support Date: Works with CUCM 11. Cisco PDM Version 4. End-of-Sale and End-of-Life Announcement for the Cisco Catalyst 6500/6500-E Series 1 Gigabit Ethernet Fiber and Copper Line Cards and Accessories 31-Oct-2016. 1. End-of-Support Date: 2013-07-29. The date the document that announces the end of sale and end of life of a product is distributed to the general public. You specify the peer networks that can communicate over the tunnel. Obseved intermittent high cpu in FWSM (4. 1F. The Cisco Catalyst 6500 Series WLSM (Figure 1) can be configured in any open slot of a 3-, 6-, 9-, or 13-slot Cisco Catalyst 6500 Series switch equipped with a Supervisor Engine 720. • Physical Attributes. Before having access to the Firewall Services Module (FWSM), you need to perform some configurations on the Catalyst 6500 chassis where it resides. "Distributed Computing Environment / Remote Procedure Calls", is the remote procedure call system developed for the Distributed Computing Environment (DCE). Cisco PDM Version 4. Cisco announces the end-of-sale and end-of-life dates for the Cisco Wireless Services Module 2 (WiSM2). The server 2 can connect with the cluster and server 1. 0. Cisco announces the end-of-sale and end-of-life dates for the Cisco Catalyst 3750 Series Switches. FWSM devices are supported, but not shown in the Rule Viewer. This document provides a sample configuration for PIX 7. EOL11243 Cisco announces the end-of-sale and end-of-life dates for the Cisco Wireless Services Module 2 (WiSM2). This. The forwarding engine on Supervisor Engine 2T is capable of delivering high-performance forwarding for Layer 2 and Layer 3 services. End-of-Sale and End-of-Life Announcement for the Cisco Catalyst 6500 Series ASA Services Module Software. From the Catalyst 6500 Supervisor IOS EXEC prompt, the FWSM in slot slot-number can be reset so that it reboots into its maintenance partition. and if this true , it will reboot FWSM from maintenance partition. Cisco Networking Software. The last day to order the affected product(s) is November 14, 2022. zip and save it to a Windows or Macintosh client. EOS/EOL for 64MB Compact Flash for Cisco Catalyst 6500 Supervisor Engine 720/32. Cisco Catalyst 6500 Series Switches. bin and c6svc-fwm-k9. Enhance your network with an industry-leading SD-WAN headend. If you are running Cisco IOS software on the supervisor engine, perform the following steps to add an SVI to the MSFC: Step 1 (Optional) To allow you to add more than one SVI to the FWSM, enter the following command: Router (config)# firewall multiple-vlan-interfaces. 0 02-Nov-2016. 1, you can not delete anything on the flash: partition (for example I want to delete asdm by typing "delete flash:asdm" ) In cisco manual its mentioned that you can delete any file on the flash but if you check from any FWSM with 3. The memory utilization is already 49% even though we have placed only 1000 ACL entries as of now. When a user attempts to establish VPN access, and the traffic matches an authentication statement, the FWSM consults the Kerberos server for user authentication and grants or denies user access based on the response from the server. End-of-Life Milestones and Dates for the Cisco Catalyst 6500 Series FWSM Software Version 1. Further investigations. The Cisco FWSM provides industry-leading performance of upto 100,000 new connections per second, 5. End-of-Life Notice. End-of-Sale and End-of-Life Announcement for the Select Cisco Catalyst 6500 Line Cards, Power Supplies, and Accessories 02-Feb-2016. The vulnerability is due to a buffer overflow in the affected code area. Multiple vulnerabilities exist in the Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers that may cause the Cisco FWSM to reload after processing crafted SunRPC or certain TCP packets. 59705344 bytes available (43008 bytes used) File Allocation Table might be corrupted. Cisco FWSM Software Version 2. Visit the global EOL Policy page for additional details. Bias-Free Language. Cisco has released. At this moment, our server farm is capable to support IPv4/IPv6 network, and our servers are starting to use both to serve our end-users. October 31, 2019 End-of-Sale Date: HWIntroduction. in CLI mode, I can control IPv4 rule and IPv6 rule, But in. xE for Cisco Catalyst 3850 and 3650 Series Switches 31/Jul/2017 French - Canadian Annonce d’arrêt de commercialisation et de fin de vie de Cisco Catalyst 3650 Mini 30/Nov/2022Cisco announces the End-of-sale and End-of-life dates for the Cisco Catalyst 4000 Series Switches. The last day to order the affected product(s) is October 31, 2021. Log in as the user root. . New service contracts cannot be ordered since last fall. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL. The Cisco PIX 500 Series Security Appliances has been retired and is no longer supported. End-of-Sale and End-of-Life Announcement for the Promotional Bundle for the Cisco Catalyst 6500 and Cisco Network Analysis Module (NAM-3) 02-May-2014. Cisco's End-of-Life Policy. 部分Cisco. The FWSM is vulnerable if running System Software version 3. Catalyst 6504-E Switch: Access product specifications, documents, downloads, Visio stencils, product images, and community content. • Syntax Formatting. The last day to order the affected product(s) is November 4, 2022. 2 (33)SXI or later. FWSM on this case running inside 6500 Switch: 3. Select the statement from the list below to find details on EOL for embedded OS and application software. A single FWSM supports more than 5 gigabits (Gbs) of throughput and more than 20 Gbs with four modules in a chassis. Assets reaching end of life (EOL) or end of sale (EOS). Technical support will be available for a limited period to customers with Extended Support agreements. These vulnerabilities are documented as CSCeb16356 (HTTP Auth) and CSCeb88419 (SNMPv3). EOS for Selective Cisco Catalyst 6503,Catalyst 6506 and Catalyst 6509 Chassis 08-Jan-2014. 1 23-Feb-2017. Table 1. 0 supports FWSM Release 2. I need to upgrade the IOS on FWSM. 5G/1G multigigabit; 24-port 1000M/100M. A system configured for VSS will be capable of delivering up to 8 Tbps of system bandwidth. September 1, 2008 . 0. End of Life product information for specified product ID (s) End of Life product information for specified serial number (s)Cisco Nexus 7000 M2-Series 6-Port 40 Gigabit Ethernet Module. The first rule is generic and matches all messages: Cisco FWSM Rule Name: Cisco FWSM Log Type: cisco fwsm . 1 and Adaptive Security Device Manager (ASDM) 7. 2 for the Cisco Catalyst 6500 switches and Cisco 7600 routers. Table 1. Table 1 describes the end-of-life milestones, definitions, and dates for the. Cisco announces the end-of-sale and end-of-life dates for the Cisco Nexus 5500, 5600 and 6000 NX-OS 7. . 1(4) requires FWSM Release 2. FWSM HTTP Proxy Traceback Vulnerability. ipservicesk9 includes support for additional encryption technologies such as Secure Sockets Layer (SSL) and Internet Protocol Security (IPsec). Solved: Hi Guys, I'm looking at upgrading our FWSM modules in our 6500's. 5. Hi there, In don't believe there is a hard and fast rule to determine when an EoX statement will be issues for a device. End-of-Sale and End-of-Life Announcement for the Cisco Catalyst 6500 Switch Accessories. It helps to have a good knowledge of the Cisco product catalog, general once a new platform is released which supersedes another in location in the network/ functionality the EoX statement will follow on shortly after. A context belongs to one of 12 pools that offers a maximum of 14,801 rules. 0. Bellow is a link to the compatibility matrix, comparing ASA appliance and ASASM modules. csv file and set the index and sourcetype as required for the data source. VSS is currently enabled and I would also want to enable the failover on the FWSM. Cisco announces the end-of-sale and end-of-life dates for the Cisco Select Unified Computing Systems Accessories. To configure an IPv6 default route and static routes, perform the following steps: Step 1 To add the default route, use the following command: hostname (config)# ipv6 route interface_name ::/0 next_hop_ipv6_addr. 2 (1). 0 and 6. The last day to order the affected product(s) is September 5, 2023. This is different from what happens on Cisco IOS routers where using line x means changing line x to new line . 0 architecture specific IT Role-based SKU’s. Cisco Catalyst 6500 Series Network Analysis Module (NAM 3) Installation and Configuration Guide 08-Jul-2014. For routers running an IPS-enabled version of Cisco IOS Software, the earliest supported Cisco IOS Software release is 12. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. 4, 6. November 7, 2023End-of-Sale and End-of-Life Announcement for the Cisco Catalyst 6506-E, Catalyst 6509-E, Catalyst 6509-V-E, Catalyst 6513-E, VS-S2T-10G, VS-S2T-10G-XL, Bundles & Accessories 17-Nov-2022. x operating in multiple-context mode, the name of the firewall context will appear in the logs sent from the Firewall. Step 2 Designate the unit as the primary unit: hostname (config)# failover lan unit primary. End-of-Support Date: 2007-09-26. Existing setup was in bridge mode and had to convert it to L3 mode for F5. "The FWSM can connect to another VPN concentrator, such as a Cisco PIX firewall or a Cisco IOS router, using a site-to-site tunnel. 1. 7016. Table. The Cisco Catalyst 6500 Series Firewall Services Module (FWSM) contains a Protocol Independent Multicast (PIM) Denial of Service Vulnerability. The Firewall Services Module (FWSM) is a high-performance, high-speed firewall that can operate up to 5 Gbps. 2. These vulnerabilities can be triggered during the processing of HTTPS requests, or during the processing of Media Gateway Control Protocol (MGCP) packets. Observed that this problematic FWSM is showing huge connections as most used. The Cisco ASA 5540 Adaptive Security Appliance is now obsolete (past End-of-Life and End-of-Support status). This document provides examples of basic Network Address Translation (NAT) and Port Address Translation (PAT) configurations on the Cisco PIX/ASA Security Appliances. Reviews at Gartner Read Gartner Peer Insights reviews on Cisco Secure Firewall. (Policy view) Select Firewall > Web Filter Rules (PIX/FWSM/ASA) from the Policy Type selector. Table 1 describes the end-of-life milestones, definitions, and. Find software and support documentation to design, install and upgrade, configure, and troubleshoot the. Supported Releases: - Cisco Secure Access Control System 5. we have go two FWSMs and both of them are running in active and standby mode. Cisco announces the end-of-sale and end-of-life dates for the Cisco A-WXM Offer. End-of-Sale and End-of-Life Announcement for the Cisco Secure Network Server (SNS) 3515 and 3595 for ISE Applications 08/Dec/2021. We are experiencing some high cpu utlilization in our FWSM blade and i would like your opinion if this is normal. End-of-Sale and End-of-Life Announcement for the Cisco Catalyst 6500/6500-E Series 1 Gigabit Ethernet Fiber and Copper Line Cards and Accessories 31-Oct-2016. 4Tbps system bandwidth, no PS, no Fan Tray. 1 and Adaptive Security Device Manager (ASDM) 7. In 2005, Cisco introduced the newer Cisco Adaptive Security Appliance (), that inherited many of the PIX features, and in 2008 announced PIX end-of-sale. 0. The other remains in standby mode. Model. Cisco announces the end-of-sale and end-of-life dates for the Cisco Select ISR Products and Software. Re-partition the acl space and reduce the number of partitions, will. End-of-Sale Date . The Cisco FWSM is affected by multiple vulnerabilities, which are described in the following sections: The information in this document is intended for end-users of Cisco products. Introduction . End-of-Sale and End-of-Life Announcement for the Promotional Bundle for the Cisco Catalyst 6500 and Cisco Network Analysis Module (NAM-3) 02-May-2014. 2(3). 0 version. A vulnerability exists in the. January 1, 2006 Cisco announces the end-of-sale and end-of-life dates for the Cisco Catalyst 3650. Please clarify my question /* Style Definitions */ table. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Startup-running conflicts. Cisco PIX 500 Series Security Appliances - Retirement Notification. 6 of the Splunk Add-on for Cisco ASA is compatible with the following software, CIM versions, and platforms. Step 1 From the Cisco software download site, locate the file fwsm_migration_mac. End-of-Sale and End-of-Life Announcement for the Intel Xeon Processor 5600 Series 30/Jan/2014. The last day to order the affected product (s) is March 31, 2008. 1000 in use, 113000 most used. The FWSM supports the following licensed features: • Multiple security contexts. Cisco Firepower Management Center (Previous Models) Data Sheet 08/Jan/2020. EOL/EOS for the Cisco ASA 5500 Series Adaptive Security Appliance Software Release 8. Details. 1. 13 (from version 8. For Cisco product support, including documentation. 168. The last day to order the affected product(s) is April 30, 2023. The last day to order the affected product(s) is March 31, 2022. x and 4. Cisco DNA Software for Wireless. This library is used in several vendor network devices, in addition to media streaming and file. November 7, 2022 End-of-Sale Date: HW,License The last date to order the product through Cisco point-of-sale mechanisms. Each ACE may takes two nodes or sometimes even more. 0. Cisco announces the end-of-sale and end-of-life dates for the Cisco ISR4200, ISR4300 and select ISR4400 Series Platform. My running software is FWSM Version 3. 130. exe or fwsm_migration. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3) when enabled. 02-19-2021 12:09 AM. End-of-life milestones and dates for the Cisco Catalyst 4500-X Series Switches Milestone Definition Date End-of-Life Announcement Date The date the document that announces the end of sale and end of life of a product is distributed to the general public. It integrates security services in the popular 6500/7600 network devices, providing one of the fastest firewall data rates in the industry. End-of-Sale and End-of-Life Announcement for the Cisco Select Physical Software and Licenses with Equivalent Electronic Products 19/Feb/2018. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract. DCERPC is a protocol widely used by Microsoft distributed client and server applications that allows software clients to execute programs on a server remotely. * Note: Cisco Firewall Service Modules and Cisco PIX Firewalls have passed the last day of software support milestone as stated in the published End of Life (EoL) documents. 5G/1G multigigabit; 24-port 1000M/100M. 0 5. Decompress the ZIP file and extract the corresponding file for the system on which you plan to run the conversion application—fwsm_migration. 4, 6. End-of-Sale and End-of-Life Announcement for the Cisco Catalyst 6500 Series ASA. Simplified network diagrams are provided. The last day to order the affected product(s) is May 16, 2022. The next few paragraphs describes how the integration and deployment of Cisco WiSM in VSS environment is done seamlessly and does not require special. Product Type. If you want support information for the. 2 (1)F. 新しいものに切り替えることを検討してください。. 18 9. 5 Gbps of throughput, and one million concurrent connections per service. 1 host 20. app. Cisco Firewall Services Module (FWSM)* Refer to the "Fixed Software" section for additional information about fixed releases. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown. x, 8. 3(3), but I got 2. i was looking for some live logs generated by fwsm 4. Bellow is a link to the compatibility matrix, comparing ASA appliance and ASASM modules. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the. The last day to order the affected product(s) is December 29, 2021. 24-port 10G/5G/2. The default root password is cisco. The auth-proxy feature in Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected device. End-of-Sale and End-of-Life Announcement for the Cisco UCS PCIe Mezzanine Flash Board 400GB 30/Jun/2014. End-of-Sale Date: 2013-09-16. 0. Setup primary FWSM and fail over lan link no issues. EOS/EOL for 64MB Compact Flash for Cisco Catalyst 6500. The last day to order the affected product (s) is July 16, 2018. Where the severity_level argument specifies the severity levels of messages to be sent to the syslog server. Below are the models within this series: 7600 Series Wireless LAN Services Module (WLSM) 8000 Series MGX-FRSM-12-T3/E3 Frame Relay Service Module. If you want support information for the. FWSM Firewall Version 3. Cisco Catalyst 6500/6800 Supervisor 6T Architecture White Paper. They're the WS-SVC-FWM-1 modules. Recommend running "fsck disk:"Below are the 4 different scenarios faced when using FWSM 3. Three denial of service (DoS) vulnerabilities affect the SunRPC inspection feature of Cisco ASA 5500 Series Adaptive Security Appliances. FWSM# = System Context. Cisco ONE for Data Center Compute and Cloud. Release Date. 1, plus critical bug fixes and additional enhancements. FWSM/admin# = Admin Context (only for administration of the FWSM) Management settings for the FWSM and other general FWSM related settings. When I start testing the configuration I don't get the results I was expecting. Authenticate with the credentials configured in Example 3-18 when the Connect to 192. A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The last day to renew or add to an existing subscription is August 31, 2021. Hi , I hope that you guys can help me to understand FWSM license information I'm a newbie on cisco firewalls. The last day to order the affected product(s) is April 30, 2024. The vulnerability exists when SCCP inspection is enabled. ManageEngine Network Configuration Manager is a Network Change and Configuration Management Software to manage the configurations of switches, routers,. The last day to order the affected product(s) is September 5, 2023. Cisco ® announces the end-of-sale and end-of life dates for the Cisco Firewall Services Module Software Release 2. Cisco Security. 1. The ASA 5500 series’ throughput range addresses use cases. Cisco PIX (Private Internet eXchange) was a popular IP firewall and network address translation (NAT) appliance.