11-15-2004 07:58 AM - edited 02-20-2020 11:44 PM
We have a Pix 525 unrestricted and another 525 for the failover. Am looking at upgrading the keys for the failover to make it into an unrestricted PIX. I only have 1 route out and am wondering if having 2 Pix firewalls going to the same route out would make any sense. I know I could use one for VPN traffic etc. I am looking on the Cisco site for any configuration examples to see if pursuing the cost of upgrading and implementing another PIX would be an added security bonus or is not necessary.
Thanks.
11-15-2004 03:00 PM
I really don't see any benefit to this. You'd be better off just leaving them in a failover setup and then you have a backup. If you use one purely for VPN access, if it has a hardware failure then all your VPN access is down. Similarly if the other one dies you lose all your Internet access. At least if they're in a failover situation if one dies you still have access for both Internet and VPN.
11-16-2004 12:22 AM
Hello,
If you want the setup like this:
LAN---PIX1---PIX2---Router---Internet
then although the other PIX can provide you more security, you can rather upgrade the Router IOS to Firewall enabled, and the Router can act as the first wall of protection.
Thanks
Vijay Tyagi