Pix515e and sonicwall

I have come to a company where they have placed 2 firewalls connected to each other: one is a PIX 515E and the other a SonicWall TZ170. The system admin who handed over to me told me this is for more security.
I found that there is double NATing happening, from the SonicWall to the PIX and from the PIX to the WAN.
I tried to remove the SonicWall, but there are a lot of features inside it, like anti-spam, anti-virus, content filter... Also, if I remove the PIX (the PIX is the most trusted firewall)... and I don't need a DMZ in the middle of the 2 firewalls because I can create it with the SonicWall with the third interface.
Can anybody advise whether to keep them both or to remove the PIX?
drawing1-1-.JPG
i_harfoush Asked:

lrmoore Commented:
Is the PIX providing any other services such as remote access VPN that you would lose if you remove it?
If it ain't broke, don't fix it. If everything is working the way the business needs it to be, leave it alone for now.
Knowing that the PIX is nearing end-of-life, you might start planning for a replacement. The SonicWall is providing some features not available on the PIX, and would probably be adequate to support everything all by itself, so your replacement plans may be to replace them both with another combination of appliances, or a single device that does it all. Cisco gives you the option to use best-of-breed products for each function instead of trying to cram them all into one box where you get an "adequate" and not the "best" solution for your business needs.
0
i_harfoush Author Commented:
Sir,
I am not using the PIX for VPN, only the NATing and access rules.
So you advise me to keep the current setup, Sir?
0
lrmoore Commented:
Let's look at pros and cons of removing the PIX out of the picture:

PRO:
 - removes a level of complexity that eases troubleshooting problems (potential to save manpower $)
 - removes a device that is using electricity (save $ on power bill)
 - removes a device that is nearing end-of-life from the vendor (no more upgrades or vendor support)
 - removes an additional point of failure

CON:
 - any change requires careful planning and takes time (manpower costs $)
 - You are left with "adequate" security with the Sonicwall (are you comfortable with that?)
 - PIX is generally a better, more trusted, firewall than Sonicwall and will last you a couple more years probably
 - creates a single point of failure scenario

Bottom line is that you have to make the decision based on many factors, not just an opinion posted in a forum. I have no knowledge of the business, regulatory requirements on the business, amount of data, budget constraints, your level of expertise with any of the equipment, etc. I've just posted some things to think about in your decision making process.

0
i_harfoush Author Commented:
Mr. Irm,
is double NATing bad for networking, or something I can ignore?
0
i_harfoush Author Commented:
Can I leave the public servers NATed only by the PIX and keep their default gateway as the PIX, and have the clients use the SonicWall for content filtering and anti-spam?
0
lrmoore Commented:
Double-nat is not necessarily bad. If it works, ignore it.
Yes, you can leave the public servers natted only by the PIX and use the Sonicwall for the content filtering and antispam for end users.
0
i_harfoush Author Commented:
Mr. Irm, can you comment on this drawing?
drawing-final.JPG
0
lrmoore Commented:
This looks much more like what I would expect to see and what I would recommend.
0

i_harfoush Author Commented:
So it's recommended by you, Mr. Irm?
0
i_harfoush Author Commented:
ok
0
lrmoore Commented:
What I recommend is that you use your own expertise, and your own knowledge of your business requirements, assess the information I have provided, and make your own recommendations to your superiors.
You will not corner me into saying "yes, this is what I recommend" because I do not have enough information on why it was built the way it was in the first place. There may have been good reasons for it.
0