
Help to configure a PIX 515

19 years 5 months ago #6192 by dazormiq
We recently bought 2 new PIX 515e's so I have my 2 old 515's lying around. I was wanting to put the firewalls between our production network and a test network I have running, allowing pretty much internet traffic (mainly for updates and trial program downloads) and that's it. I would rather my production network not even be able to see anything on the test network, be it computer names, shared files, or anything else.

As far as I can figure, I need to allow DNS traffic and port 80, but I haven't been able to get internet traffic to go in/out of the test network.

I know this isn't really required but it will be good practice with the firewalls and it never hurts to know how to do stuff with a firewall.

Any ideas are good ideas for me right now.

Thanks,
Dazormiq
19 years 5 months ago #6195 by IFTY
Hi Dazormiq,
Please post a diagram of your required network, and if you have made any configuration on the PIX, post it here as well. What IOS version is running on the PIX?
19 years 5 months ago #6209 by dazormiq
I am running 6.3.3 (about to upgrade it to the newest). It was our in-production firewall so it is configured like crazy, but it can all be removed.

As for the diagram......




| PIX |
| main network|
| Internet |


|
|
| test network|

Again all I want to do is isolate all traffic to and from my test network while allowing only traffic for my test network to be able to download from the internet.
19 years 5 months ago #6210 by FallenZer0
/Edit: I've no idea what I was writing. Sorry.

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
19 years 5 months ago #6262 by arcange
Well, I am not sure I understand your question, and I don't know your skill. If you don't want traffic from the main network to get to the test network, you should just configure your outside interface to block all traffic. If I am not wrong, the IOS denies all by default; if not, just put an access list deny.

To allow traffic to the internet from your test network, just put an access list permit to your gateway; however, this depends on the main network architecture. You will probably NAT the test network subnet to the firewall outside interface, then you have to allow the outside interface IP to reach the gateway/router.

All that to say that it depends on your main network architecture too.

Take care
19 years 5 months ago #6318 by MaXiMuS
Hi Dazormiq,

With the PIX firewall you assign security levels to your interfaces. By default it allows all traffic originating from a higher security level interface to a lower one and denies all traffic originating from a lower to a higher interface.

So you can simply assign your test interface a much higher security level than your production network interface, and for internet access configure your PIX to perform NAT at the production network interface and set the default route as your gateway router.

Hope this helps !!
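
The setup MaXiMuS describes, written out in PIX 6.3 syntax as an added example that is not part of the thread: the test network sits on the higher-security interface, is translated to the production-side interface address, and an access list narrows the default higher-to-lower permit to DNS and port 80. All addresses, the ACL name TEST_OUT and the DNS server at 192.168.10.53 are constructed assumptions.

```cisco
: Constructed addressing (assumptions, not from the thread):
:   test network        10.99.0.0/24    on ethernet1 (inside)
:   production network  192.168.10.0/24 on ethernet0 (outside)
:   production gateway  192.168.10.1, DNS server 192.168.10.53

: Test side gets the higher security level, production side the lower.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 192.168.10.250 255.255.255.0
ip address inside 10.99.0.1 255.255.255.0

: Translate test hosts to the outside interface address (PAT) and
: send everything else to the production gateway.
nat (inside) 1 10.99.0.0 255.255.255.0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1

: Higher-to-lower traffic is permitted by default, which would let test
: hosts reach production hosts too. Binding an ACL to the inside
: interface replaces that default with an explicit list.
: 1. DNS to the one resolver the test hosts use
access-list TEST_OUT permit udp 10.99.0.0 255.255.255.0 host 192.168.10.53 eq domain
: 2. nothing else to the production subnet
access-list TEST_OUT deny ip 10.99.0.0 255.255.255.0 192.168.10.0 255.255.255.0
: 3. port 80 to everything beyond it
access-list TEST_OUT permit tcp 10.99.0.0 255.255.255.0 any eq www
: (implicit deny ends the list)
access-group TEST_OUT in interface inside

: No static and no access-group on the outside interface, so
: connections initiated from production (lower) to test (higher)
: stay denied.
```

The hit counts in `show access-list TEST_OUT` show which entries the test hosts are actually matching.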