I would like to use the PIX 501 firewall for the following purposes, but not so sure if it can handle them:
1) support 3 interfaces: inside, outside, and a DMZ?
2) Remotely configure/maintain the firewall using command-line interface (CLI) via VPN?
3) What is the difference between Telnet over IPSec versus VPN? Is this Telnet safe?
4) What is the console port for? And what is "out of band through a console port"?
5) If this firewall is connected via an ADSL modem to the internet (supported by an ISP) and its IP address is dynamic. Now I want to connect two computers to the firewall, one to the DMZ, and another to the inside interface (both of these two computers' IPs are private IPs). When this LAN configuration is done, can both the computers access the internet?
(I know I can have one computer connected to the ADSL's modem and access the internet. I wonder with this firewall, if I can have two computers access the internet, without using a router?)

1. To have DMZ support, as per the data sheet available, it's the 515E which supports the same.
On the same hardware you can scale up to 6 FastEthernet ports at the max.
2. You will have to use SSH for accessing a PIX firewall from the outside interface, and you need to allow the necessary access in the configuration.
From the inside local LAN behind the inside interface you can have simple Telnet access enabled with the required configs in the box.
3. If you want to ensure some kind of security for your Telnet access, do check out SSH and disable Telnet access to your box, or else block it using the necessary ACL on the line vty configs.
4. The console port is basically required to monitor the boot process or to recover your box if it hangs while booting.
It normally goes into ROMMON; to recover the box out of that you need to console onto the box, because the interfaces won't be active/valid during that period.
The interfaces come active only when the active config is loaded on the box during the startup process.
Out-of-band management is basically accessing your equipment via a normal PSTN line instead of normal Telnet or SSH.
If there are some problems with the connectivity or some other problems, you can very well log in via the OOB setup, which you do with a normal dial-up modem and the required config, usually under the aux interfaces, to accept the same.
5. The local LAN can access the Internet provided you have proper NAT enabled on the firewall, but if you want to have some kind of access from the public network to these servers it won't be possible, since the IP assigned by your SP is dynamic in nature and will keep changing based on availability.
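
A configuration sketch for points 2, 3 and 5 of the answer above, added here as an illustration and not part of the original thread. It assumes PIX OS 6.3-style syntax, a three-interface unit such as the 515E the answer mentions, and an ADSL modem that hands the outside interface its address by DHCP; the hostname, domain, private subnets and the admin address 203.0.113.10 are constructed placeholders.

```cisco
! Constructed example: all names and addresses below are placeholders
hostname pixfw
domain-name example.local

! Third interface named as a DMZ with a security level between outside (0) and inside (100)
nameif ethernet2 dmz security50
interface ethernet2 auto

! Outside address is dynamic (assumption: DHCP from the modem); inside and DMZ are private
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 192.168.2.1 255.255.255.0

! PAT: inside and DMZ hosts share whatever address the outside interface currently holds
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! Management: SSH from a single admin address on the outside, Telnet only from the inside LAN
ca generate rsa key 1024
ca save all
ssh 203.0.113.10 255.255.255.255 outside
ssh timeout 10
telnet 192.168.1.0 255.255.255.0 inside
```

No `telnet` statement names the outside interface, so remote administration is limited to SSH from the one listed source address.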