Firewall Wizards mailing list archives

Re: PIX firewall licensing and beyond (newbie)


From: David Lang <david.lang () digitalinsight com>
Date: Wed, 7 Sep 2005 18:43:51 -0700 (PDT)

Vahid Pazirandeh wrote:
> Hello everyone,
>
> I come from a linux admin background and have an assignment to set up a pix
> firewall. This is new territory and will be my first time playing with pix os
> instead of iptables.  Please excuse my newb questions, but we all start
> somewhere. :-)

I'm just having to deal with pix firewalls again after ~5 years of linux boxes; boy do I wish I could just use linux (it does what I tell it to do, not what it assumes I want to do ;-)

I would say definitely run with the OS at version 7, especially if you don't necessarily want the NAT configuration that they assume that you will; it's an incredible pain to disable on lower revs.

> 1. Which model? Our servers are in a co-location with a 100mbit drop. Would
> that make the 515E the right choice if we actually want to make use of our
> bandwidth?  The pix becomes the bottleneck?

Note that the network cards are plugged into 32-bit PCI slots on the 515 and 525, which limits its total I/O to ~330Mb, but this is the combined inbound and outbound traffic, so I would take the rating of a 515 at 180Mb with a very large dose of salt (the 525 is rated at 300Mb, which given the PCI limits would be ~150Mb in one interface and ~150Mb out a second interface).

I don't know what the 535 boxes have for true I/O capacity, but they start to get _really_ expensive.

> 4. How many physical ports do the pix firewalls typically come with? It seems
> like it's 2: one uplink, one downlink.  I can already think of 3 security
> levels that I want my servers separated into.  Does that mean I have to buy
> expansion slots?  Or should I use VLANs instead?

They do sell a quad 100Mb card for these machines, but watch the total throughput.

--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no 
deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
 -- C.A.R. Hoare