
pix questions

I have a PIX 501. I noticed that not much configuration was needed to put it in place. Are all PIXs like this? Or do some of the other ones require more configuration? What can I do to further configure this, as far as rules are concerned, inspection, etc.?
Thanks
0
Asked:
dissolved
 
JFrederick29 Commented:
The PIX 501 is your basic SOHO firewall, no routing protocols, no VLAN support, only an inside and outside interface, so yes, NAT, some statics/ACLs if desired, and VPN configuration are really the bulk of the PIX.  The more advanced PIXs support routing protocols, VLANs, and can have many interfaces, which leads to DMZ configurations.  As far as wanting to configure more on the PIX, there really isn't that much more.  Hopefully though, because it doesn't appear to have as much configuration as a router or switch, you don't minimize the capabilities of the PIX.  It is a firewall foremost and that part it does very well.
0
 
lrmoore Commented:
Every PIX runs the exact same OS image, but the hardware limits use of some features and embedded firmware limits use of some features (like a 10 user license limit on some 501s).
So, yes, even the big 535 is just that easy to get up and running out of the box for basic functionality.
If you really want to learn what all a PIX can do, just look at the command reference guide.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/index.htm

Learn it all very well, and in a month or two you can throw all that away when PIX 7.0 is released. I read 23 pages of new feature descriptions...
It may be a mistake. The more feature filled, the more configurations available, the more susceptible to human error. After all, human error in configurations is at the root of 90% of break-ins now.
0
 
dissolved (Author) Commented:
Thanks. So basically, I won't do much more configuration to my PIX than what I've already done?  (static routes, defining inside/outside interface, etc.)
The more advanced PIXs are more like routers, it seems.

Are PIXs easier to configure than routers?

Thanks for the heads up on the PIX 7.0. 23 pages of new features? Wow. Guess they don't follow the K.I.S.S. philosophy.
0
 
lrmoore Commented:
The more advanced PIXs are no more like a router than yours is. They behave the same way, just have more memory to run more advanced features like VLANs and OSPF and multiple interfaces (up to 100 to be exact) for multiple DMZs.

I personally think that the PIX is easier than a router. No wildcard masks, everything uses subnet masks--even ACLs.
I like the quick look at performance graphs on the home page of the GUI.

Just remember that it is NOT a router and does not behave anything like a router.

I guess the market forces drive the feature set, not the security people... I can't tell you how many times I've had to tell someone that the PIX simply will not do what they want it to, no matter how big their hammer. I always hear "but my Linksys|D-link|Wal-Mart special would do that. You mean a $50 box is more capable than a $5000 box?" - D'OH! They just don't get it.
I'm trying my best to get hold of the PIX 7.0 code to see what it really does...Volunteered to beta test.. waiting patiently...



0
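The subnet-mask point above is where router habits turn into the configuration errors mentioned earlier in the thread. As an added example (not part of the original posts and not a Cisco tool), this lint pass over PIX-style `access-list` lines flags any mask that reads as an IOS wildcard and prints the subnet-mask form; the ACL names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in PIX 6.x style; line 2 was typed with IOS wildcard masks.
SAMPLE = """\
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-list nonat permit ip 10.1.1.0 0.0.0.255 10.2.0.0 0.0.255.255
access-list inside_out permit ip 10.1.1.0 255.255.255.0 any
"""

def is_netmask(mask: int) -> bool:
    """True if the 32-bit value is contiguous 1-bits followed by 0-bits."""
    inv = ~mask & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0

def _ip(tok: str):
    """Return the token as a 32-bit int, or None if it is not a dotted quad."""
    try:
        return int(ipaddress.IPv4Address(tok))
    except ValueError:
        return None

def lint_pix_acl(config: str):
    """Return (line_no, original, suggested) for ACL lines with wildcard-style masks.

    0.0.0.0 and 255.255.255.255 are valid in both notations, so they are
    ambiguous and left alone.
    """
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        toks = line.split()
        if not toks or toks[0] != "access-list":
            continue
        fixed, i, hit = list(toks), 0, False
        while i < len(toks):
            if toks[i] == "host":          # "host A.B.C.D" carries no mask
                i += 2
                continue
            addr = _ip(toks[i])
            mask = _ip(toks[i + 1]) if i + 1 < len(toks) else None
            if addr is None or mask is None:
                i += 1
                continue
            inv = ~mask & 0xFFFFFFFF
            if not is_netmask(mask) and is_netmask(inv):
                fixed[i + 1] = str(ipaddress.IPv4Address(inv))
                hit = True
            i += 2
        if hit:
            findings.append((no, line.strip(), " ".join(fixed)))
    return findings

if __name__ == "__main__":
    for no, old, new in lint_pix_acl(SAMPLE):
        print(f"line {no}: wildcard-style mask\n  found:     {old}\n  suggested: {new}")
```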
 
dissolved (Author) Commented:
Thanks man. Let us know if you get a hold of the 7.0 and what you think about it.
Thanks!