Help to configure a PIX 515
19 years 11 months ago #6192
by dazormiq
Help to configure a PIX 515 was created by dazormiq
We recently bought 2 new PIX 515e's so I have my 2 old 515's lying around. I was wanting to put the firewalls between our production network and a test network I have running, allowing pretty much internet traffic (mainly for updates and trial program downloads) and that's it. I would rather my production network not even be able to see anything on the test network, be it computer names, shared files, or anything else.
As far as I can figure, I need to allow DNS traffic and port 80, but I haven't been able to get internet traffic to go in/out of the test network.
I know this isn't really required but it will be good practice with the firewalls and it never hurts to know how to do stuff with a firewall.
Any ideas are good ideas for me right now.
Thanks,
Dazormiq
19 years 11 months ago #6195
by IFTY
Replied by IFTY on topic Re: Help to configure a PIX 515
Hi Dazormiq
Please post a diagram of your required network, and if you have made any configuration on the PIX, post it here as well. What IOS version is running on the PIX?
19 years 11 months ago #6209
by dazormiq
Replied by dazormiq on topic Re: Help to configure a PIX 515
I am running 6.3.3 (about to upgrade it to the newest). It was our in-production firewall so it is configured like crazy, but it can all be removed.
As for the diagram......
| PIX |
| main network|
| Internet |
|
|
| test network|
Again all I want to do is isolate all traffic to and from my test network while allowing only traffic for my test network to be able to download from the internet.
19 years 11 months ago #6210
by FallenZer0
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
Replied by FallenZer0 on topic Re: Help to configure a PIX 515
/Edit: I've no idea what I was writing. Sorry.
19 years 11 months ago #6262
by arcange
Replied by arcange on topic Re: Help to configure a PIX 515
Well, I am not sure I understand your question, and I don't know your skill level. If you don't want traffic from the main network to get to the test network, you should just configure your outside interface to block all traffic. If I am not wrong, the IOS denies all by default; if not, just put in an access list deny.
To allow traffic to the internet from your test network, just put an access list permit to your gateway; however, this depends on your main network architecture. You will probably NAT the test network subnet to the firewall outside interface, then you have to allow the outside interface IP to reach the gateway/router.
All that to say that it depends on your main network architecture too.
Take care
19 years 11 months ago #6318
by MaXiMuS
Replied by MaXiMuS on topic Re: Help to configure a PIX 515
Hi Dazormiq,
With the PIX firewall you assign security levels to your interfaces. By default it allows all traffic originating from a higher security level interface to a lower one and denies all traffic originating from a lower to a higher interface.
So you can simply assign your test interface a much higher security level than your production network interface, and for internet access configure your PIX to perform NAT at the production network interface and set the default route as your gateway router.
Hope this helps !!
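The approach described in the replies above (security levels, NAT on the production-side interface, a default route to the gateway, and an access list for DNS and port 80), written out as a PIX OS 6.3 configuration. This is an added example, not a configuration posted by anyone in the thread; the interface assignment, the addresses and the ACL name test_out are assumptions.

```cisco
: Added example for PIX OS 6.3; all addresses are constructed placeholders.
: Assumed layout: test LAN 10.10.10.0/24 on ethernet1, production LAN
: 192.168.1.0/24 on ethernet0, production Internet gateway 192.168.1.1.

: Test side gets the higher security level, production side the lower one.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 192.168.1.2 255.255.255.0
ip address inside 10.10.10.1 255.255.255.0

: Hide the test subnet behind the PIX outside address (PAT).
nat (inside) 1 10.10.10.0 255.255.255.0
global (outside) 1 interface

: Default route points at the production gateway.
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1

: Tighten the default "higher to lower is allowed" behaviour:
: keep test hosts off production addresses, then allow only DNS and web.
access-list test_out deny ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list test_out permit udp 10.10.10.0 255.255.255.0 any eq domain
access-list test_out permit tcp 10.10.10.0 255.255.255.0 any eq domain
access-list test_out permit tcp 10.10.10.0 255.255.255.0 any eq www
: Optional: add only if the update or download sites require HTTPS.
access-list test_out permit tcp 10.10.10.0 255.255.255.0 any eq https
access-group test_out in interface inside

: No static and no access-group is applied to the outside interface, so
: connections initiated from the production LAN toward the test LAN are dropped.
```

With the deny line in place, test hosts must use a resolver outside 192.168.1.0/24; to use a production DNS server instead, place a permit for that single host above the deny. `show access-list` displays per-line hit counts, which confirms which rule is matching.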