[Note: the Alteon L4 switch is for load balancing among servers.]
As far as I know, the PIX is usually put between a router and a switch. But in this case, the PIX is not directly connected to the router; rather, ALL of the interfaces of the PIX are connected to the Cat4009 only. There are VLANs present on the Cat4009. The servers, like the PIX, are also connected to the Cat4009 via different VLANs.
My question is: does the PIX still work in this case? I mean, it seems like all the inbound traffic from the Internet can first reach the email/web servers without the protection of the firewall, because the firewall's position makes it impossible to block any traffic from the outside network. The firewall only works when the servers respond to the inbound traffic, because the PIX can check the returned packets sent by the servers.
Is this topology all right for a network which needs high security? Or does it not work at all? Is there a better solution?
Any help will be greatly appreciated. Thanks in advance.
This network will not have enough security because the firewall has to be placed between the Internet and your internal LAN. A better design would be to put the PIX after the L4 switch and put the servers in the DMZ of the PIX and the 4009 for the internal LAN.
The 4009 should be connected to the inside interface of the PIX and the L4 switch should be connected to the outside interface of the switch.