
Setting up an ISP Firewall

rjsatter
Level 1

I currently support (2) PIX 515's for our corporate firewalling requirements.

We are in the process of establishing our own ISP network. We have selected the PIX 525 running in failover configuration to protect the ISP server farms.

I have been told that setting up an ISP firewall is very different than for corporate purposes. For starters we have global addresses on the inside and obviously the outside. I have also been told you do NOT typically use NAT on an ISP firewall.

I am looking for a basic ISP firewall setup. Any assistance would be greatly appreciated.

2 Replies

hadbou
Level 5

I don't think there's any restriction on using NAT in an ISP network; if you don't have enough IP addresses you can very well use private IP addresses for your LAN and NAT them.

The PIX in an ISP network is there to protect your own infrastructure like your LAN, web servers, RADIUS servers, mail servers. This is in no way different from a PIX used for a corporate purpose. Maybe the ports that you might open will differ based upon the services you run.

a-alao
Level 1

Setting up your firewall for an ISP or any firewall is a design call. But the challenges are the same as long as you understand the fundamentals of the PIX.

If you do not have an IP address shortage, your static statements could be mapped differently, like static (inside,DMZ) 145.24.34.0 145.24.34.0 netmask 255.255.255.0

You might have to pay more attention to your access-list to control both inbound and outbound traffic - where necessary

You can use NAT statements when you expect traffic to only originate from one direction.

Arrange your access-list in descending order of what access-list will be used the most.

If you need additional help, let me know...

Ade
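
On the ordering advice in the reply above: PIX access lists are evaluated first match, so sorting purely by hit count can lift a broad permit above a narrower deny and change the policy. The script below is an added example, not part of the thread; it moves busy entries up only past entries they cannot conflict with. The ACL name, hosts, ports and hit counts are constructed, and it assumes inbound entries of the form `... any <destination> eq <port>`.

```python
import ipaddress
import re

# Constructed sample in the style of PIX "show access-list" output.
SAMPLE = """\
access-list acl_out line 1 deny tcp any host 145.24.34.25 eq smtp (hitcnt=12)
access-list acl_out line 2 permit tcp any 145.24.34.0 255.255.255.0 eq smtp (hitcnt=9000)
access-list acl_out line 3 permit udp any host 145.24.34.53 eq domain (hitcnt=40000)
access-list acl_out line 4 permit tcp any host 145.24.34.80 eq www (hitcnt=70000)
"""

# Assumed entry shape: source "any", destination host or network, one "eq" port.
PAT = re.compile(r"access-list \S+ line \d+ (permit|deny) (\S+) any "
                 r"(?:host (\S+)|(\S+) (\S+)) eq (\S+) \(hitcnt=(\d+)\)")

def parse(text):
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = PAT.match(line.strip())
        if not m:  # never drop an entry silently when reordering a policy
            raise ValueError(f"unsupported entry: {line}")
        action, proto, host, net, mask, port, hits = m.groups()
        dst = ipaddress.ip_network(f"{host}/32" if host else f"{net}/{mask}")
        rules.append({"action": action, "proto": proto, "dst": dst,
                      "port": port, "hits": int(hits)})
    return rules

def conflicts(a, b):
    """True if a and b can match the same packet but decide differently."""
    return (a["action"] != b["action"]
            and (a["proto"] == b["proto"] or "ip" in (a["proto"], b["proto"]))
            and a["dst"].overlaps(b["dst"])
            and a["port"] == b["port"])

def reorder(rules):
    """Move busy entries up, one adjacent swap at a time, never past a conflict."""
    out = []
    for r in rules:
        i = len(out)
        while i > 0 and out[i - 1]["hits"] < r["hits"] and not conflicts(out[i - 1], r):
            i -= 1
        out.insert(i, r)
    return out

def naive(rules):
    """Plain sort by hit count, for comparison; this can change the policy."""
    return sorted(rules, key=lambda r: -r["hits"])
```

With the sample, `reorder` keeps the deny for host .25 ahead of the /24 smtp permit, while `naive` puts the permit first and so would let smtp through to that host.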
