Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

New PIX 506 - suggestions

We have just purchased a PIX 506 firewall. It will be connected to an ISP through a DSL connection. I am looking for any suggestions and "hind" sight that anyone might have in the configuration. There will be less than 20 users behind it.

2 REPLIES
New Member

Re: New PIX 506 - suggestions

Here a few tips that should help you out:

Reserve some network addresses for statics. Don’t put all your addresses in the global pool. It makes it easier to administer later.

Turn on Port Address Translation (PAT). Add another global one with just a single address for PAT. When you run out of addresses in your global pool, PAT will takeover and allow basic web, ftp, mail, etc. functionality. Even if you think you have enough addresses now, just turn it on in case your company grows.

Keep it as tight as possible. Any time you open conduits through the firewall, you are opening up vulnerabilities to the network.

Hard set your interface speed. Auto detect can cause problems with some routers and switches.

Use the latest “General Deployment” PIX code. Avoid “Early Deployment” unless you have to have a feature in that particular code. On the download site, these are listed as GD and ED. I am a strong believer in “if it’s not broken, don’t fix it.” Don’t just upgrade code without having a specific reason to do so.

Hope this helps…Did I miss any?

New Member

Re: New PIX 506 - suggestions

Let me know if you get mail working thru the dsl/506.

I have an implementation that is giving me fits.

we can send mail, but not receive. the other suggestions all make sense, espically the global pool

config. have fun

130
Views
0
Helpful
2
Replies
CreatePlease login to create content