PIX - function as a bridge?

Is it possible for PIX to filter the TCP/IP traffic while functioning as a bridge? To clarify, I have a client that uses a WatchGuard firewall. The firewall is set up where the outside and inside IP interfaces have the same IP address. Also, all clients have the same internal and external IP address, so it seems like the firewall functions as a bridge while inspecting the TCP/IP traffic. Can PIX do this?

P.S.: I can't renumber the network so it has to stay like this...

To illustrate, it would be something like this...

Router (10.1.1.X) -- (10.1.1.X) PIX (10.1.1.X) -- Internal Network (10.1.1.X)

r-simpson Tue, 07/10/2001 - 09:45

The PIX cannot function as a bridge or a router. To push or pull traffic through the PIX for inspection, it is necessary for all your interfaces to be on separate networks. This is not to say there are not a number of good workarounds. For example, the segment on the outside between the PIX and the outside interface may be the only segment needing renumbering and all the networks added to the route tables in the PIX. Also, look for proper placement of the PIX in the network. It should be on the edge or entry point to an untrusted network (i.e. the Internet).
