Considering a PIX 525 and I have questions

1. The out of the box setup is 2 ports. These are user configurable as WAN and LAN?
2. To add a DMZ and have other devices behind the firewall, I would add a PIX-4FE-66 card?
3. 99% of the traffic will be web users to the a shopping site. At most 4 VPN users to an internal server. In the future I would want to implement failover. Is this a suitable solution or are there better cost effective options? This will be in a colocated environment.
Who is Participating?
1.  The ports are configurable, but by default the ethernet0 interface is the WAN interface.  It's best to just leave the defaults for your initial 2 interfaces.
2.  You can either add the 4-port card or a single ethernet card (PIX-1FE).  If you have the budget for it, it's probably best to get a 4-port card, chances are you'll want the additional interfaces later.  But see the notes in #3 before deciding.
3. Failover is an option on this model, but if you want that for the future, you should order your PIX with the right license initially (should be cheaper this way).
   In order to use failover:
- 1 PIX needs to have the UR or "Unrestricted" license, & the other needs to have either a UR, an FO ("Failover") license (or a Failover Only Active-Active ("FO_AA") license if using PIX 7.x series software).  A PIX with a "Restricted" license *cannot* be used in a failover pair.
- Both PIXes in a failover pair *must* be identical hardware (same models, same # & type of interfaces, etc), plus must be running the same exact version of PIX software.

  PIX 7.x series failover info:
  PIX 6.x series failover info:

i am totally with calvin.....

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.