Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
347
Views
0
Helpful
4
Replies

Help with Pix Firewall 515 restricted bundle

cisco-newbie
Level 1
Level 1

‎03-29-2006 03:24 PM - edited ‎02-21-2020 12:48 AM

Hello there,

I am new to Cisco Pix and was wondering if I can get some inputs as to where I can go from my situation.

I need to open several ports on the Pix 515 we have right now. It has ISO 4.4 (1) install on it currently. My manager is leery about opening up ports on Pix due to obvious reason (exploitations from Internet). I spoke to one of the network guy I knew who work for a company that makes firewall and learnt a lot from him. He mentions I should consider the functionalities of firewall before implementing one of our core servers on the network. I was wondering if PIX have these capabilities of differentiating an outside attack versus a genuine connection. I mean does it drop the connection if the connection is a script that continually trying to connect to the internal network? Do the PIX write some sort of information to itself to generate a blacklist? Would we be able to configure the PIX so that when a connection is made to a server within the network, it will not be able to seek out other servers that have the same port open? If PIX can not perform these functionalities, is there another model you can recommend or alternative?

I will need to open up the ports for SSL, VPN and probably Remote Workplace to work and so I want to be careful what PIX is able to do. Is there an easy graphical interface I can download to see what’s in the PIX besides having to learn the command line?

0 Helpful
4 Replies 4

Nicholas Vigil
Level 1
Level 1

‎03-30-2006 06:51 AM

The Cisco pix does have a GUI interface called the Pix Device Manager (PDM) that can give you an alternative to the commandline.

The Pix has limited capabilites in being able to detect attacks but ha some intrusion prevention guards.

Cisco has come out with a new security appliance called the ASA which has alot more functionailty than the pix which you might want to look into.

If this helps please rate my post, thanks.

0 Helpful

cisco-newbie
Level 1
Level 1
In response to Nicholas Vigil

‎03-30-2006 06:25 PM

Hi Nick,

Thanks for your response. Configuring Pix is still new to me but I will have to get familiar with it since it is something we have currently. Would you be able to direct me to the link with the PDM. Does it apply for IOS 4.4 (1). I am thinking of upgrading to Pix OS 7 to get the additional enhancement but still waiting to hear from Cisco to see the cost and benefit of it.

Helen

Thanks,

Helen

0 Helpful

kengyiam
Level 1
Level 1
In response to cisco-newbie

‎03-30-2006 06:35 PM

Hi,

You can upgrade your PIX OS to 7 first then install the ASDM or PDM in any case to your PIX. The ASDM that Im using is 5.0. Its quite user friendly.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a008014871d.html.

Regards,

Franco

0 Helpful

cisco-newbie
Level 1
Level 1
In response to kengyiam

‎03-30-2006 06:51 PM

Thanks Franco!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card