Community Member

PIX Firewall Configuration


I have a question here. Let's say if there is one router ( connected to of PIX FW interface, and there is network to come in to (SAP Server) from the router, (routing : ),

How to apply permit list on the PIX Inside interface?

Am I supposed to apply on interface ?



Re: PIX Firewall Configuration

Hi Cindy,

Where is the network Is it outside your PIX?

If so, you need to apply the ACL on the outside interface of the PIX, in the incoming direction.

access-group outside_acl in interface outside

In your acl outside_acl, you need to allow the segment to access

access-list outside_acl permit ip host

This acl will allow ip level access to the sap server from the segment

Ideally you should be allowing only the relevant TCP port from to your SAP server.

Revert back to us if you need further clarification.

Hope this helps. Kindly rate the post if it was helpful.


Community Member

Re: PIX Firewall Configuration

Thanks Vijay,

The network ( comes to the inside interface of PIX Inside Interface, but to (SAP Server) which resides on the INSIDE Interface VLAN.

So, I am not too sure if the traffic will flow in to firewall as the route is to go firewall first, before going to SAP Server.


Re: PIX Firewall Configuration

Hi Cindy,

Kindly clarify about your setup.

Where is the segment located physically?

Are they residing behind your inside interface of the firewall and you want to protect access to SAP server from this segment?

This is not a good design.

As the source and destination segments are in your inside network, you cannot make this traffic pass through the firewall (unless you are using VLAN segmentation of zones in your firewall, which I suppose is not the case in your setup).

What do you want to achieve?

If you want firewall protection for the SAP server from segment, then you need to redesign the way in which your firewall is deployed.

If you don't want firewall protection for the SAP server from the segment, then you need to check the way routing is configured from the segment till the SAP server and do necessary changes, so that traffic from segment will reach the SAP server without passing through the firewall.

Kindly revert back with more details on your setup/requirement to us, if the above explanation doesn't apply to your network/needs.

Hope this helps.

