Bridged F/W in front of PIX?

Rainer Blaes · ‎02-13-2014

Dear all,
to harden secure our PIX does it make sense to deploy a bridged F/W
(pfSense, Astaro UTM ...) in front of the outside I/F of our PIX?

Thanks in advance for any comment!
Greetings, Rainer

David White · ‎02-19-2014

What additional value do you see that providing?

I don't see much reason,. but if there is a feature on those products which you feel would add additional protection mechanisms and would therefore improve your security policy, then you can go for it.

Sincerely,

David.

Rainer Blaes · ‎02-19-2014

David,

in order to mitigate the risk that our PIX could be hacked from outside

he wants to deploy another security device (bridged F/W) in front of it.

By the way is it relatively easy to crack the PIX repectively are any intrusions

well known?

So long, Rainer

David White · ‎02-19-2014

Hi Rainer,

If you practice good security policies (SSH / ASDM with AAA), then only authorized users will have access to your PIX. Any security issues related to Cisco's products are publicly disclosed at: www.cisco.com/go/psirt

I personally do not see the value of placing another security device in front of the PIX, mearly to attempt to protect the PIX.

Sincerely,

David.