Re: [fw-wiz] PIX 500 as ROUTER ONLY

From: Daniel Linder (dan_linder_at_yahoo.com)
Date: 11/17/03

  • Next message: Robert Fenerty: "[fw-wiz] Skip the PDM"
    To: Mikael Olsson <mikael.olsson@clavister.com>, Michael Leland <mleland@mediaheights.com>
    Date: Mon, 17 Nov 2003 08:35:37 -0800 (PST)
    
    

    > Michael Leland wrote:
    > > I have a PIX 500 that I want to use to connect two public IP
    > networks.
    > > I don't need to provide much security support, simply use it as a
    > simple
    > > router between subnets. Any ideas???

    Depending on your needs, you could setup the PIX to route traffic with
    a "permit ip any any" for the ACL on "inbound" stuff (i.e. outside to
    inside traffic), and then a "nat 0" for the traffic going from the
    inside back out.

    As another poster mentioned though, the PIX is really not meant to do
    this so features that a real router might have (RIP, OSPF, etc) will
    not be available or limited if they exist.

    Is this a case of needing to use existing equipment, or is the firewall
    feature going to be used shortly just not in the near future?

    You might want to look at the real long-term use of the device. If it
    is going to be doing more routing and very little firewalling (nothing
    a standard router ACL couldn't handle), then you might want to look at
    a low end router. If it will be doing firewall primarialy but just
    protecting live IP addresses behind it, then the firewall is your best
    bet.

    Dan

    __________________________________
    Do you Yahoo!?
    Protect your identity with Yahoo! Mail AddressGuard
    http://antispam.yahoo.com/whatsnewfree
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Robert Fenerty: "[fw-wiz] Skip the PDM"

    Relevant Pages

    • Re: Just venting (totally OT)
      ... the ame router to get access to the net! ... I'm paranoid about opening up my firewall "just in case..." ... not visiting dodgy Websites. ... The protection that it does supply is also provided by ...
      (uk.people.support.depression)
    • Re: Just venting (totally OT)
      ... how long it plays for because it's all been ripped on to hard disc ... the ame router to get access to the net! ... I'm paranoid about opening up my firewall "just in case..." ... The protection that it does supply is also provided by ...
      (uk.people.support.depression)
    • Re: What is broken:McAfeee firewall or my router ????? Urgent, ple
      ... your computer regardless of what McAfee firewall said. ... If your router is ... warned about those ports being available right away if you had any of those ...
      (microsoft.public.security)
    • Re: What is broken:McAfeee firewall or my router ????? Urgent, ple
      ... your computer regardless of what McAfee firewall said. ... If your router is ... warned about those ports being available right away if you had any of those ...
      (microsoft.public.security)
    • Re: Just venting (totally OT)
      ... long it plays for because it's all been ripped on to hard disc so it ... I'm paranoid about opening up my firewall "just in case..." ... having the protection of a router, not opening dodgy emails, and not ... The protection that it does supply is also provided by your router ...
      (uk.people.support.depression)