Adding an Interface to PIX
Posted on 2003-11-18
I have a pix with 3 running interfaces - Inside, Outside, DMZ
Security levels - 100, 0, 50 repectively
I am looking to add a fourth, highly secure interface.
This interface will operate completely separate from the other three. The LAN segment will also be separate.
The fourth interface will not need to pass traffic between the inside and DMZ. Only outbound web traffic from the fourth interface needs to pass through to the outside.
I plan on setting the security level of interface 4 to 100, equal to that of the inside interface. From what I understand interfaces with equal security levels cannot pass traffic. And since the dmz and outiside have a lower security level they will not be able reach interface 4. Please confirm.
Also, what other settings are required to ensure that interface 4 can only pass http traffic on port 80?