Firewall Wizards mailing list archives
Re: PIX firewall licensing and beyond (newbie)
From: Ryan Steinmetz <rpsfa () rit edu>
Date: Wed, 7 Sep 2005 11:33:45 -0400
On (09/05/05 20:40), Vahid Pazirandeh wrote:
Hello everyone, I come from a linux admin background and have an assignment to set up a pix firewall. This is new territory and will be my first time playing with pix os instead of iptables. Please excuse my newb questions, but we all start somewhere. :-)

1. Which model? Our servers are in a co-location with a 100mbit drop. Would that make the 515E the right choice if we actually want to make use of our bandwidth? The pix becomes the bottleneck?
The 515E should suffice, it is capable of handling about 180mbit of traffic.
2. I'm a little uneasy about the licensing. What are the typical features I should make sure that are included (e.g., 3DES)? What should I watch out for.
3DES/AES licenses are free from cisco.com. Details about the licensing options are available at:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a00800b0d85.html

It breaks down to either a Restricted (R) license or an Unrestricted (UR) license. There is also a separate license for Failover units (see above URL). The Restricted license is limited to 3 physical ports and a maximum of 5 ports (via an 802.1q trunk). In order to add more ports, you will need the UR license.
3. I read somewhere that vlan support is only in pix os 6.3. Is vlan support also based on which model I'm using, or do all pix firewall models have this feature?
All PIXs running 6.3 or above that are equal to or higher in model than the 515 will support 802.1q trunks.
4. How many physical ports do the pix firewalls typically come with? It seems like it's 2: one uplink, one downlink. I can already think of 3 security levels that I want my servers separated into. Does that mean I have to buy expansion slots? Or should I use VLANs instead?
There are 2 restricted bundles available, one has 3 ports, the other has 2. The PIX has 2 expansion slots, one of which would be in use if you purchased the model with 3 ports. You could use VLANs, the only thing you need to keep in mind is that the interface itself is still limited to 100mbit.
5. Any recommendations on a location to order the pix firewall and licensing from? Good deals, good support, etc.
CDW (www.cdw.com) is always a safe bet, however, you may be able to find it cheaper elsewhere. Support is typically handled through Cisco via a SMARTnet contract (which is also available from the place you choose to buy the PIX from).
6. Any recommendations on some online reading that will help with implementing the pix firewall? It would help to see some example network layouts to get a better idea of how the components should be pieced together.
Cisco's documentation can be helpful. Check out their website at www.cisco.com
Here are a few places that I've already scoped out:
http://www.netcraftsmen.net/welcher/papers/pix01.html (also: pix02-pix04.html)
http://www.examcram2.com/articles/article.asp?p=101741&seqNum=1

Your guidance would be very helpful. Thanks for a great mail list!

A PIX student in training,
-Vahid

=============================================
"Make it better before you make it faster."
=============================================

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
--
Ryan Steinmetz
Systems Administrator
Finance & Administration Systems & Technology
Rochester Institute of Technology
585.475.5663