Firewall Wizards mailing list archives
Re: PIX firewall licensing and beyond (newbie)
From: Victor Williams <vbwilliams () neb rr com>
Date: Wed, 07 Sep 2005 10:48:58 -0500
1. This depends on your expected traffic. Are you serving stuff on the internet? Or are you trying to separate two networks that really shouldn't see each other on the same LAN? I've never had performance issues with a PIX 515 or higher, but then I've never had more than 10 meg of available bandwidth on its outside (internet-facing) interface. Your mileage is going to vary based on your application.
2. It's not the licensing really. You need to check out cisco.com and see which package of which firewalls are available. Cisco sells the same units, with the same software on all of them. Your activation keys are what limit what you can do with them. I never run lower than PIX 515E unrestricted packages. Restricted licences limit the functionality of the unit. Unrestricted licenses basically let you do what you want, with the confines of the unit only being limited by its throughput and other such factors. http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_models_home.html
3. 6.3 and forward. PIX OS is up to 7.0(2) now. All of the PIX firewalls support vlans to an extent except the PIX 501 I believe. Again, check Cisco's website from above.
4. Depends on the package. Consult point 2 for the link.
5. www.cdw.com is the cheapest that I've found hands down. When you buy support, you buy them from Cisco. So, if something goes wrong, you will be calling Cisco, not CDW. That's how it works.
6. I suggest reading any/all sections of the Cisco website pertaining to the PIX firewalls...since it is their product.
Additionally, www.tek-tips.com has a section dedicated to PIX firewall setup. However, I would read Cisco's website first and foremost. They have over 100 articles just in their configuration and setup section that will tell you how to do lots of simple as well as advanced things. Cisco is very good about supporting their product. If you cannot find configurations on their website and you have a support contract, if you call them, they will walk you through whatever you want to do, and worst case, they will get remote access to your environment and do it for you. I've never had them on the phone and they not solve whatever issue I have...but I've only ever needed to call them maybe 3-4 times.
Vahid Pazirandeh wrote:
Hello everyone,
I come from a linux admin background and have an assignment to set up a pix firewall. This is new territory and will be my first time playing with pix os instead of iptables. Please excuse my newb questions, but we all start somewhere. :-)
1. Which model? Our servers are in a co-location with a 100mbit drop. Would that make the 515E the right choice if we actually want to make use of our bandwidth? The pix becomes the bottleneck?
2. I'm a little uneasy about the licensing. What are the typical features I should make sure that are included (e.g., 3DES)? What should I watch out for?
3. I read somewhere that vlan support is only in pix os 6.3. Is vlan support also based on which model I'm using, or do all pix firewall models have this feature?
4. How many physical ports do the pix firewalls typically come with? It seems like it's 2: one uplink, one downlink. I can already think of 3 security levels that I want my servers separated into. Does that mean I have to buy expansion slots? Or should I use VLANs instead?
5. Any recommendations on a location to order the pix firewall and licensing from? Good deals, good support, etc.
6. Any recommendations on some online reading that will help with implementing the pix firewall? It would help to see some example network layouts to get a better idea of how the components should be pieced together.
Here are a few places that I've already scoped out:
http://www.netcraftsmen.net/welcher/papers/pix01.html (also: pix02-pix04.html)
http://www.examcram2.com/articles/article.asp?p=101741&seqNum=1
Your guidance would be very helpful. Thanks for a great mail list!
A PIX student in training,
-Vahid
=============================================
"Make it better before you make it faster."
=============================================
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards