Cisco Support Community

New Member

Is PIX 501 capable of passing SQL and file sharing traffic?

I have a small LAN. I want to install a Cisco firewall that will protect my network and allow 6-10 remote users access thru VPN. At the same time, it needs to allow a standalone web server located in my DMZ to communicate with an SQL server and a read-only file share on a W2K server both located behind the firewall.

Right now, I've got a Cisco 2611XM connected to a T1 line to PacBell. It has two ports; one is connected to the LAN and the other is currently unused. I'm thinking of purchasing a PIX 501 to put between the 2611XM and my local LAN and then putting the web server on the unused port on the 2611XM. My questions are:

1. Is the PIX box capable of passing SQL and Windows file sharing traffic?

2. Does the PIX have a DMZ port? If so, does it offer any options for logging activity on that port?

3. How does the PIX box compare to upgrading the 2611XM to support IOS firewall?


Re: Is PIX 501 capable of passing SQL and file sharing traffic?

PIX definitely passes the SQL server traffic.

The PIX Firewall 501 has an integrated 10BaseT port and an integrated 4-port 10/100 switch. Your PIX Firewall license determines its level of service in your network and the number of interfaces it supports. I guess it supports DMZ also, but with license and extra cost, I am not sure of this.

New Member

Re: Is PIX 501 capable of passing SQL and file sharing traffic?

The PIX 501 is plenty capable to do what you want, but watch your licensing. The 501 will only allow 10 connections (total, not concurrent), and then won't allow any more. If you have public traffic coming in through your PIX, 10 (TOTAL) connections will be used up pretty quick. You could upgrade to an unlimited license, but that will cost almost as much as a 506, and the 506 is more powerful.

PIX's don't come with DMZ ports. The 515 or better can support up to 6 interfaces I think, which will allow you to designate one or more as a DMZ, if you like. IMHO, one server doesn't justify the additional mess of setting up a DMZ.

I use CBAC (IOS firewall) on my LAN because it's more flexible and cheaper. I have a couple public servers and some private hosts behind it and it works well. It will suck up additional CPU/RAM, though, and that may not be acceptable in a high-availability environment where you need your router dedicated to dynamic routing.

The 501 is not the right firewall to put public hosts behind because of the licensing. If you only need two interfaces, you could use a 506. If you want a DMZ, use a 515. I also like Symantec's Velociraptor for this kind of small environment.

New Member

Re: Is PIX 501 capable of passing SQL and file sharing traffic?

The PIX, if you upgrade to 6.3, can now be set to 100 Mbit on the outside. And I see this a lot, but you all are mistaking the licensing part, I THINK. This refers to connections outbound from the inside, and I have been told that this is achieved by the ARP table. But obviously I think this is something that should be cleared up. But I will say this: I have an office with 7 users internally and a website that receives about 1000 to 2000 hits per day, and they never have a problem in this office with their 501. I also have a 501 at home on a business DSL connection and a public webserver and no problems.
