Register

Forgot Password

Site FAQ

Home > IT Answers > Security > FIREWALL Cisco PIX525

Soteria

5 pts.

FIREWALL Cisco PIX525

Cisco Firewall, Cisco PIX 525, Firewall security, Firewalls

I'm thinking about using a CISCO PIX525(replacing the present PIX515) as a device for my firewall protection. What is the best common practice in the industry for setting up this device and publishing my VPN IP range?

Software/Hardware used:

ASKED: May 12, 2009 1:59 PM

UPDATED: May 13, 2009 3:18 PM

RELATED QUESTIONS

Answer Wiki:

I don't know that there's best common practice for this device...It really just depends on your business needs. I wrote some <a href="www.principlelogic.com/docs/Firewall_Best_Practices.pdf">general firewall best practices</a> that may help. Let us know if you have any specific questions. ==================== For some general best practice documents always consider <a href="http://csrc.nist.gov/publications/PubsSPs.html">NIST publications</a>. Check out the Special Publication 800-41 Guidelines on Firewalls and Firewall Policy and it's proposed revision. In the IT trenches? So am I - read my <a href="http://itknowledgeexchange.techtarget.com/it-trenches">IT-Trenches blog</a> ====================

Last Wiki Answer Submitted: May 13, 2009 3:18 pm by KevinBeaver

10,800 pts.

All Answer Wiki Contributors: KevinBeaver

10,800 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: May 13, 2009 7:30 AM (GMT)

First I would ask why are you wanting to do this. The PIX515 you have is a good device for almost all sites up to a big medium sized business. The 525 is really for large corporate business. It is considerably noisier as well. The only advantage is that it is faster and allows Gigabit Ethernet interfaces (although they can not pass traffic at this rate due to hardware limitations in the PIX itself).

Both run exactly the same operating system, so anything you can do on the 525 you can already do on the 515.

If you want to change the config, to make it more robust, or to add new features, you can already do this with the PIX515, no need to change.

If you are looking to replace it anyway, then you should really look at the Cisco ASA5500 series, as these do everything that the PIX will do, but are MUCH faster, and have more interfaces and features as standard. Plus thay have additional modules available for virus filtering, IPS function etc.

BlankReg

12,215 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags