Help with Pix Firewall 515 restricted bundle

Mar 29th, 2006

Hello there,

I am new to Cisco PIX and was wondering if I can get some input as to where I can go from my situation.

I need to open several ports on the PIX 515 we have right now. It has ISO 4.4 (1) installed on it currently. My manager is leery about opening up ports on the PIX for obvious reasons (exploitation from the Internet). I spoke to one of the network guys I know who works for a company that makes firewalls and learnt a lot from him. He mentioned I should consider the functionalities of the firewall before implementing one of our core servers on the network. I was wondering if the PIX has these capabilities of differentiating an outside attack from a genuine connection. I mean, does it drop the connection if the connection is a script that is continually trying to connect to the internal network? Does the PIX write some sort of information to itself to generate a blacklist? Would we be able to configure the PIX so that when a connection is made to a server within the network, it will not be able to seek out other servers that have the same port open? If the PIX cannot perform these functionalities, is there another model or alternative you can recommend?

I will need to open up the ports for SSL, VPN and probably Remote Workplace to work and so I want to be careful what PIX is able to do. Is there an easy graphical interface I can download to see what’s in the PIX besides having to learn the command line?

Nicholas Vigil Thu, 03/30/2006 - 06:51

The Cisco PIX does have a GUI interface called the PIX Device Manager (PDM) that can give you an alternative to the command line.

The PIX has limited capabilities in being able to detect attacks but has some intrusion prevention guards.

Cisco has come out with a new security appliance called the ASA, which has a lot more functionality than the PIX, which you might want to look into.

If this helps please rate my post, thanks.

cisco-newbie Thu, 03/30/2006 - 18:25

Hi Nick,

Thanks for your response. Configuring the PIX is still new to me but I will have to get familiar with it since it is something we have currently. Would you be able to direct me to the link with the PDM? Does it apply for IOS 4.4 (1)? I am thinking of upgrading to PIX OS 7 to get the additional enhancements but am still waiting to hear from Cisco to see the cost and benefit of it.




