Cisco Support Community

Choose a firewall

My case is like this: a (web) application server hosts multiple web apps for the public to access. Moderate traffic. The server is located in a Commercial Hosting Company's server room. So the server can directly plug into the LAN (which is connected to the internet).

1) Among the PIX 50x series, which firewall fits this situation better? (I'll need the firewall to support the NAT, DMZ and VPN). Or I may even need other firewalls (budget sensitive).

2) Is the double firewall necessary to build the DMZ? (i.e. PIX --DMZ-- PIX)

3) Any opinion or comment on the Microsoft ISA Server 2004 (which claims to be a better firewall).

Many thanks.



Re: Choose a firewall


AFAIK a PIX firewall such as either the 501, which has 2 FastEthernet ports, or the 515E, which can have a max of 6 FastEthernet ports, can serve your purpose.

If you want to configure a DMZ with the PIX itself, then you would require one more FastEthernet port in addition to one input and one output interface.

The output interface is the one which gets you connected to the outside public world (LAN here), and the inside port connects to your local LAN or server farm.

You can always isolate the local LAN and server farm into 2 different zones if it's present, or else you can connect your server to the inside port itself.

But do remember that you are configuring it to allow all the required ports which are accessed by the public.

Also, you have the advantage of configuring normal VPNs and also configuring the PIX as an Easy VPN server too, to cater to your mobile users.

