Discussion started by chrisbyrd, Dec 8, 2004.

  chrisbyrd

    Hi Guys

    Seeing as you gave me such great answers to my last non-Windows networking question, I have another... :)

    We've recently spent a couple of thousand pounds on a Cisco PIX 525 Firewall.

    Has anyone had any experience with hardware firewalls?

    As I understand it, they are meant to be transparent to the hosts communicating to and from the network. As long as the firewall is sitting between our network and the outside world, is there anything that needs to be configured on the machines on the network?

    For example:

    Several Servers > Network Switch > PIX Interface1 > PIX > PIX Interface2 > Our ISP

    The servers have the gateway set as the router of the ISP

    Am I right in thinking the two interfaces on the PIX need to be assigned IP addresses on different network ranges, and we employ some sort of routing (ISP will do OSPF) on the PIX itself? Setting the default router on the servers to be that of the PIX interface on the 'inside', so the router is acting almost as a router and a firewall?

    We are currently not operating our own BGP router on this particular network.

    Please forgive me if that makes absolutely no sense...
    Any advice would be much appreciated :confused:
  Geffy

  the_tazinator

    Anyone that deals in larger networks knows that there is no good single answer for a network question, especially when you start asking about firewalls and security. Each company (states, countries) has its own policies and rules that it has to follow, so every network is different. Where I work we have 2 (redundant) PIX 535s, and configuring them can get very tricky since we have to follow the network design and policies.

    If you have a DMZ, this is something else that needs to be planned out. Is the DMZ going to have some sort of firewall, or is it just going to float between the internet and your LAN? Are you going to be doing NAT/PAT? Where are the translations being made? Firewall, router?

    For the most part firewalls are transparent to the user. There is no extra configuration needed when a firewall is in place. If there is, you did something wrong.

    My advice is: if you need help configuring a Cisco firewall, then get in contact with your local Cisco rep and request assistance. It will most likely cost the company to have a tech assist, but it is better than spending days on end trying to figure it out yourself, and in the long run it will be cheaper.
  chrisbyrd

    This is a good plan :)