Re: Cisco PIX 515e with ADSL and dynamic IP

cabizeid1 · ‎01-02-2006

I am interested in the Cisco Pix 515e for my web hosting clients. My goal is to provide

this single appliance to connect X amount of servers (Linux and Windows) to use as a shared appliance between these servers. I have several questions I hope you will

answer for me please.

Can I set QoS per server?

Can I set some police rules that it balance the service on the server, example: set bandwidth limit to HTTP service, to FTP service, etc.

Considering this will be shared firewall appliance among several clients, can we specify the IP addresses that can access different services? For example, we want to firewall off all ports except port 80 (to everyone) and terminal server (to specific IP addresses). Is that possible among a shared appliance?

Is it possible to setup a separate client login area on the same server, per client so they can setup their own requirements without interfering with others on the same appliance?

jackko · ‎01-03-2006

pix v7 would satisfy most of the requirements, such as qos. in fact, considering this unit would be a shared appliance between multiple clients, multiple contexts are especially useful.

basically, multiple contexts work like partitioning. i.e. one physical unit is virtually divided into multiple virtual firwalls. thus, modification on one virtual firewall (i.e. for one client) won't affect the others.

several limitation applies though, including no vpn, and pppoe for adsl. for instance, pix will not be able to terminate any vpn connection, only pass-through.