We currently have a /30 external subnet to the internet (2 IP address in reality, 1 on outside of PIX, 1 on perimeter router). We want to allow 4 inside machines outbound using a variety of protocols and SMTP traffic inbound to the mail server. One of the inside machines is an HTTP proxy. I was going to use PAT oubound and static PAT inbound. Is this the best way of doing this given the lack of IPs?
Will PATing a proxied HTTP request result in degraded performance?
You should be fine so long as the http proxy doesn't serve thousands of users. Theoretically, PAT can work for 65k connections, but in practice there are some limitations. Running out of PAT translation slots should be the only possible performance limitation, and that should only happen if you have 10s of thousands of concurrent connections.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...