pix in transparent mode

Unanswered Question
Feb 28th, 2007

Hi all, i have some servers at work, on the same subnet as my other servers, i want to restrict traffic to 4 of them using a pix, I just want to restrict subnets, my question is would i need to put the pix in transparent mode? and do i need to put ip addresses on both in and outside interfaces on the pix? and if so how would people reach this as i dont want routing invloved as its on the same subnet!

hope you can help



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Wed, 02/28/2007 - 04:37

Hi Raju

The pix does support transparent mode in version 7.0 upwards. So if you have a pix 515E or better running v7.0 you can do this.


Yes you can use the pix in transparent mode. The pix will have one IP address for management. You do not need to worry about routing as the hosts and servers are on the same subnet.

Attached is a link for v7.0 transparent configuration.




Jon Marshall Wed, 02/28/2007 - 04:53


Unfortunately no. Pix 501 and Pix 506 do not support v7.0 and transparent firewall functionality is not available in v6.x.

You could look at using vacl's (vlan access-lists) which allow you to resrict traffic between hosts/servers within the same subnet.



carl_townshend Tue, 03/06/2007 - 04:06

Hi all, how can I filter traffic to these servers then if I do not have one of these firewalls, the servers are on the same subnet? any ideas what I can do here ?


This Discussion