Re: PIX FOS v. 7

bizsnatch · ‎03-08-2005

If I'm using the Transparent Firewall capability of the PIX, can I have multiple VLANs hanging off the inside interface? I know the management IP of the PIX has to be on the same network as the IP's that connect to manage.

It would seem logical if it's just an inline layer 2 device, it would be able to sit on the perimeter of a newtork that has multiple VLANs inside.

thanks,

biz

Daniel Amendoeira · ‎03-08-2005

As you say, if it's just an inline layer 2 device - a very fancy cable - how is it logical to connect to several vlan's at the same time?

Stated on the FOS capabilities in transparent mode, you can only have 2 interfaces - hence the fancy cable terminology.

What you can do is create several virtual transparent domains, each connecting one end to a common 'outside', and the other end to each protected VLAN.

Of course this could mean more $$$...

Daniel

shariqashfaq · ‎03-08-2005

My 2 cents: when you say multiple vlans, you keep in mind that there r vlan limitation w.r.t. interface no# a pix support, I ran into same probe few weeks ago, and now i throw my 515 in store cuze it cant handle my switched network , pix donot support real trunk, so a real transparent behavior (like a bump in wire thing) is not possible with pix 5xx series, yeah..you can go for FWSM, like i did, which solves this porbe

bphan · ‎03-13-2005

Shariqashfaq:

PIX 7.0 will support transparent firewall feature just as FWSM currently does.

Regards,

Binh

shariqashfaq · ‎03-14-2005

true BINH,

but where is it? I've been hearing that PIX 7 is releasing soon, soon and soon, but when...we dont know,,,mayb i'm a little behind on this news, did cisco announced the date of availability?

regards

shariq

bphan · ‎03-14-2005

Shariq:

The plan is to release it for download on CCO at the end of this month.

Best regards,

Binh