11-06-2001 12:11 AM - edited 03-08-2019 09:05 PM
Hi, if I would like to create a DMZ by using a PIX,
is the minimum requirement a PIX-515R plus one 1-FE card?
Can I create a DMZ by using a PIX 501?
11-09-2001 06:55 PM
A DMZ requires a 3rd Ethernet port if you want to do it on the same device. The 501 and 506 have an inside and an outside - that's it. The 515R is the first level to support 3 IFs on the same device. Now I suppose you could use two 501s or two 506s and have one do the internal and one do the DMZ, but that would create more headache in creating extra ACLs and such. It is technically possible though. A DMZ by definition is a semi-public network that is separate from your internal LAN.
11-16-2001 01:22 PM
I am interested in something similar. I have Microsoft ISA server, and was going to use that as the internal firewall, and have the 501 as the external. The 501 would also have a public webserver attached to its switch. The only traffic allowed in would be http and smtp, both of which would be directed to the ISA server. The ISA server would not allow anything in except a mail relay to an internal server. That would essentially provide the DMZ capability I would need, would it not? I only have 1 IP, so I need to NAT my DMZ server anyway (which is what I am doing now with ISA). I believe this would give me better protection.
Also, can you see any problems setting up a VPN connection originating at the internet, to an internal VPN server? Could I set up a tunnel between the internal server and the 501? Then I would authenticate at the 501 and have a path to the inside? Am I on the right track here?
Thanks
Tony