Re: [fw-wiz] PIX firewall licensing and beyond (newbie)
From: Victor Williams (vbwilliams_at_neb.rr.com)
Date: 09/07/05
- Previous message: Ryan Steinmetz: "Re: [fw-wiz] PIX firewall licensing and beyond (newbie)"
- In reply to: Vahid Pazirandeh: "[fw-wiz] PIX firewall licensing and beyond (newbie)"
- Next in thread: David Lang: "Re: [fw-wiz] PIX firewall licensing and beyond (newbie)"
- Reply: David Lang: "Re: [fw-wiz] PIX firewall licensing and beyond (newbie)"
To: Vahid Pazirandeh <vpaziran@yahoo.com>
Date: Wed, 07 Sep 2005 10:48:58 -0500

1. This depends on your expected traffic. Are you serving stuff on the
internet? Or are you trying to separate two networks that really
shouldn't see each other on the same LAN? I've never had performance
issues with a PIX 515 or higher, but then I've never had more than 10
meg of available bandwidth on its outside (internet-facing) interface.
Your mileage is going to vary based on your application.

2. It's not the licensing really. You need to check out cisco.com and
see which package of which firewalls are available. Cisco sells the
same units, with the same software on all of them. Your activation keys
are what limit what you can do with them. I never run lower than PIX
515E unrestricted packages. Restricted licenses limit the functionality
of the unit. Unrestricted licenses basically let you do what you want,
with the confines of the unit only being limited by its throughput and
other such factors.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_models_home.html

3. 6.3 and forward. PIX OS is up to 7.0(2) now. All of the PIX
firewalls support vlans to an extent except the PIX 501 I believe.
Again, check Cisco's website from above.

4. Depends on the package. Consult point 2 for the link.

5. www.cdw.com is the cheapest that I've found hands down. When you
buy support, you buy them from Cisco. So, if something goes wrong, you
will be calling Cisco, not CDW. That's how it works.

6. I suggest reading any/all sections of the Cisco website pertaining
to the PIX firewalls...since it is their product.

Additionally, www.tek-tips.com has a section dedicated to PIX firewall
setup. However, I would read Cisco's website first and foremost. They
have over 100 articles just in their configuration and setup section
that will tell you how to do lots of simple as well as advanced things.

Cisco is very good about supporting their product. If you cannot find
configurations on their website and you have a support contract, if you
call them, they will walk you through whatever you want to do, and worst
case, they will get remote access to your environment and do it for you.
I've never had them on the phone and they not solve whatever issue I
have...but I've only ever needed to call them maybe 3-4 times.

Vahid Pazirandeh wrote:
> Hello everyone,
>
> I come from a linux admin background and have an assignment to set up a pix
> firewall. This is new territory and will be my first time playing with pix os
> instead of iptables. Please excuse my newb questions, but we all start
> somewhere. :-)
>
> 1. Which model? Our servers are in a co-location with a 100mbit drop. Would
> that make the 515E the right choice if we actually want to make use of our
> bandwidth? The pix becomes the bottleneck?
>
> 2. I'm a little uneasy about the licensing. What are the typical features I
> should make sure that are included (e.g., 3DES)? What should I watch out for?
>
> 3. I read somewhere that vlan support is only in pix os 6.3. Is vlan support
> also based on which model I'm using, or do all pix firewall models have this
> feature?
>
> 4. How many physical ports do the pix firewalls typically come with? It seems
> like it's 2: one uplink, one downlink. I can already think of 3 security
> levels that I want my servers separated into. Does that mean I have to buy
> expansion slots? Or should I use VLANs instead?
>
> 5. Any recommendations on a location to order the pix firewall and licensing
> from? Good deals, good support, etc.
>
> 6. Any recommendations on some online reading that will help with implementing
> the pix firewall? It would help to see some example network layouts to get a
> better idea of how the components should be pieced together.
>
> Here are a few places that I've already scoped out:
> http://www.netcraftsmen.net/welcher/papers/pix01.html (also:
> pix02-pix04.html)
> http://www.examcram2.com/articles/article.asp?p=101741&seqNum=1
>
> Your guidance would be very helpful. Thanks for a great mail list!
>
> A PIX student in training,
> -Vahid
>
> =============================================
> "Make it better before you make it faster."
> =============================================
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards