PIX 501 web server help

Unanswered Question
Aug 3rd, 2007

So I'm going to be running a PIX 501 with two web servers. In order to make it as secure as possible I'm doing port forwarding (from a router), through the PIX, to the web server. Now here is where I need help... Do I have to create ACLs for each and every port to make it secure? What is the best way to go about doing this, because I don't want to open up too much.


hoogen_82 Sat, 08/04/2007 - 09:44

I am not sure why you need to do it twice. Let's just say if your web server is in the Inside zone with an IP address of and the public IP is, this is what you need to do.


static (inside,outside) tcp www www netmask


access-list outside_in extended permit tcp any host eq www


access-group outside_in in interface outside


This should help you out. Do the same way for the second server.
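The script below is an added example, not part of the original post or of any Cisco tooling: it audits a PIX-style config and reports every inbound permit on the outside ACL that is not backed by a matching static port forward, which is the "don't open up too much" check the question asks about. Anything the ACL does not permit is already dropped by its implicit deny, so no per-port deny entries are needed. The sample config is constructed, and its addresses are documentation placeholders (RFC 5737 / RFC 1918), not values from this thread.

```python
import re

# Constructed sample config (PIX 6.x-style syntax). Addresses are placeholders.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 192.0.2.10 www 10.0.0.10 www netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.11 www 10.0.0.11 www netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-list outside_in permit tcp any host 192.0.2.11 eq 80
access-list outside_in permit tcp any host 192.0.2.11 eq 3389
access-list outside_in permit ip any any
access-group outside_in in interface outside
"""

STATIC_RE = re.compile(r"^static \(\w+,\w+\) (tcp|udp) (\S+) (\S+) \S+ \S+")
PERMIT_RE = re.compile(r"^access-list (\S+) (?:extended )?permit (\S+) any (.+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside$")

def norm_port(port):
    """Treat numeric 80 and the 'www' keyword as the same port."""
    return {"80": "www"}.get(port, port)

def audit(config):
    """Return permit lines on the outside ACL that no static port forward backs."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    forwards, acl_name = set(), None
    for line in lines:
        if m := STATIC_RE.match(line):
            # (protocol, public IP, public port) of each port forward
            forwards.add((m.group(1), m.group(2), norm_port(m.group(3))))
        elif m := GROUP_RE.match(line):
            acl_name = m.group(1)  # ACL actually bound to the outside interface
    findings = []
    for line in lines:
        m = PERMIT_RE.match(line)
        if not m or m.group(1) != acl_name:
            continue
        proto, dest = m.group(2), m.group(3).split()
        # Only "host <ip> eq <port>" is as narrow as a single port forward.
        exact = len(dest) == 4 and dest[0] == "host" and dest[2] == "eq"
        if not exact or (proto, dest[1], norm_port(dest[3])) not in forwards:
            findings.append(line)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("too broad or unmatched:", finding)
```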


purohit_810 Sun, 08/05/2007 - 15:08

See, here is one way you can implement security on the WEBSERVER.

1) You must PATCH the server before you take it live.

2) You must do hardening of the server. (See Webserver hardening procedure.)

3) You must have password of mean .. web admin.

4) After that you need an access-list. USE the FIXUP command to change the port no. to other than default.


Dharmesh Purohit

