Ok, the office I work in is planning to obtain a PIX 525. I was wondering where in the network it should be installed... Right now we have two T1's for internet access, a DMZ segment, and an internal segment as well. Also, our current configuration requires that packets can be routed out the same interface then came in on. Where in the network should the PIX go? Should both WAN lines connect into it (along with DMZ and LAN) and then have an external router for the lan segment (allowing packets to be routed out thier incoming interface)? Not sure where to go with this one...
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Navigation
Install the app
How to install the app on iOS
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
More options
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
PIX installation question...
- Thread starter NoID
- Start date
Normally it goes behind the router handling your Internet.
T1s <-> Router <-Public Network->PIX
Your DMZ and Internal will be off of the PIX. The PIX will NOT route traffic and out the same interface. So if a packet comes in Ethernet1 it can't go out Ethernet1. That's a router's job, not a firewall's job.
T1s <-> Router <-Public Network->PIX
Your DMZ and Internal will be off of the PIX. The PIX will NOT route traffic and out the same interface. So if a packet comes in Ethernet1 it can't go out Ethernet1. That's a router's job, not a firewall's job.
NoID said:Good point. So two T1's, a DMZ, and an internal Lan would be four interfaces on a PIX. Right? Do the 525 (8 possible interfaces) would suffice. Or even a 515. Correct?
3 interfaces. The Two T1s aren't seperate since they are both your Internet access. A 515E should do it no problem. I run several 515E clusters with similar configs to yours.
NoID said:With the two T1's One is for only servers (OWA, SMTP, FTP) and the other is for users, will I be able to setup polices that will reflect such?
Yes...but it all depends on your addressing and network setup. Why bother? Just load balance both T1s and let the traffic go where needed. Use QoS to keep apps in check if one starts being a problem.
S
shade91
Guest
NoID said:Ok, the office I work in is planning to obtain a PIX 525. I was wondering where in the network it should be installed... Right now we have two T1's for internet access, a DMZ segment, and an internal segment as well. Also, our current configuration requires that packets can be routed out the same interface then came in on. Where in the network should the PIX go? Should both WAN lines connect into it (along with DMZ and LAN) and then have an external router for the lan segment (allowing packets to be routed out thier incoming interface)? Not sure where to go with this one...
Two T1's? What a huge waste of money. Totally unnecessary.
shade91 said:Two T1's? What a huge waste of money. Totally unnecessary.
Not everyone's network is in their basement. We have two T-1s and a 5Mb fiber connection to the Internet.