Firewall Wizards mailing list archives
Re: PIX firewall licensing and beyond (newbie)
From: David Lang <david.lang () digitalinsight com>
Date: Wed, 7 Sep 2005 18:43:51 -0700 (PDT)
Vahid Pazirandeh wrote:
Hello everyone, I come from a linux admin background and have an assignment to setup a pix firewall. This is new territory and will be my first time playing with pix os instead of iptables. Please excuse my newb questions, but we all start somewhere. :-)
I'm just having to deal with pix firewalls again after ~5 years of linux boxes, boy do I wish I could just use linux (it does what I tell it to do, not what it assumes I want to do ;-)
I would say definitely run with the OS at version 7, especially if you don't necessarily want the NAT configuration that they assume that you will, it's an incredible pain to disable on lower revs.
1. Which model? Our servers are in a co-location with a 100mbit drop. Would that make the 515E the right choice if we actually want to make use of our bandwidth? The pix becomes the bottleneck?
note that the network cards are plugged into 32 bit PCI slots on the 515 and 525 which limits its total I/O to ~330Mb, but this is the combined inbound and outbound traffic so I would take the rating of a 515 at 180Mb with a very large dose of salt (the 525 is rated at 300Mb, which given the PCI limits would be ~150Mb in one interface and ~150Mb out a second interface)
I don't know what the 535 boxes have for true I/O capacity, but they start to get _really_ expensive.
4. How many physical ports do the pix firewalls typically come with? It seems like it's 2: one uplink, one downlink. I can already think of 3 security levels that I want my servers separated into. Does that mean I have to buy expansion slots? Or should I use VLANs instead?
they do sell a quad 100Mb card for these machines, but watch the total throughput.
--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
 -- C.A.R. Hoare
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIX firewall licensing and beyond (newbie) Vahid Pazirandeh (Sep 07)
- Re: PIX firewall licensing and beyond (newbie) Ryan Steinmetz (Sep 07)
- Re: PIX firewall licensing and beyond (newbie) Victor Williams (Sep 07)
- Re: PIX firewall licensing and beyond (newbie) David Lang (Sep 07)
- RE: PIX firewall licensing and beyond (newbie) Paul Melson (Sep 07)