Re: [fw-wiz] PIX 500 as ROUTER ONLY

From: Daniel Linder (dan_linder_at_yahoo.com)
Date: 11/17/03

  • Next message: Robert Fenerty: "[fw-wiz] Skip the PDM"
    To: Mikael Olsson <mikael.olsson@clavister.com>, Michael Leland <mleland@mediaheights.com>
    Date: Mon, 17 Nov 2003 08:35:37 -0800 (PST)
    
    

    > Michael Leland wrote:
    > > I have a PIX 500 that I want to use to connect two public IP networks.
    > > I don't need to provide much security support, simply use it as a
    > > simple router between subnets. Any ideas???

    Depending on your needs, you could set up the PIX to route traffic with
    a "permit ip any any" for the ACL on "inbound" stuff (i.e. outside to
    inside traffic), and then a "nat 0" for the traffic going from the
    inside back out.

    As another poster mentioned though, the PIX is really not meant to do
    this so features that a real router might have (RIP, OSPF, etc) will
    not be available or limited if they exist.

    Is this a case of needing to use existing equipment, or is the firewall
    feature going to be used shortly just not in the near future?

    You might want to look at the real long-term use of the device. If it
    is going to be doing more routing and very little firewalling (nothing
    a standard router ACL couldn't handle), then you might want to look at
    a low-end router. If it will be doing firewall primarily but just
    protecting live IP addresses behind it, then the firewall is your best
    bet.

    Dan

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
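
A defender-side check for the setup described in the reply above, added here as an example and not part of the original message: it scans a firewall config for the two settings that turn the PIX into a plain router (an interface-bound "permit ip any any" ACL and an all-addresses "nat 0"). It assumes PIX 6.x-style command syntax; the sample config, the ACL names, the addresses and the `audit` function are constructed for illustration.

```python
import re

# Constructed sample config (PIX 6.x-style syntax); names and addresses are illustrative.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list outside_in permit ip any any
access-list unused_acl permit ip any any
access-group outside_in in interface outside
nat (inside) 0 0.0.0.0 0.0.0.0
"""

# An ACL entry that permits every IP packet.
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+ip\s+any\s+any\s*$")
# Binding of an ACL to traffic arriving on an interface.
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")
# "nat 0" (no translation) covering all addresses; "0 0" is shorthand for 0.0.0.0 0.0.0.0.
NAT0_RE = re.compile(r"^nat\s+\((\S+)\)\s+0\s+(0\.0\.0\.0|0)\s+(0\.0\.0\.0|0)\b")

def audit(config: str) -> list[str]:
    """Return findings for settings that disable filtering or translation."""
    open_acls, bindings, findings = set(), {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.match(line):
            open_acls.add(m.group(1))
        elif m := GROUP_RE.match(line):
            bindings[m.group(2)] = m.group(1)  # interface -> ACL name
        elif m := NAT0_RE.match(line):
            findings.append(f"nat 0 for all addresses on '{m.group(1)}' (no translation)")
    # Only an ACL that is actually bound to an interface affects traffic.
    for iface, acl in sorted(bindings.items()):
        if acl in open_acls:
            findings.append(f"ACL '{acl}' on '{iface}' permits ip any any (no filtering)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

An unbound any-any ACL (`unused_acl` in the sample) is not reported, because without an `access-group` binding it filters nothing.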

