Checklist: How to configure a PIX firewall


Judith Myerson
12.19.2007
Configuring a PIX firewall

How to start, test and monitor the firewall configuration

Service provider takeaway: Proper initial PIX firewall configuration can help network service providers protect customer networks from malicious attacks.


When shipped from Cisco, each PIX firewall boots with a basic configuration, but it does not let network traffic pass through until it is configured to do so. Resource-strapped small and medium-sized businesses (SMBs) may have trouble doing the initial configuration of a PIX firewall if they don't have anyone with experience on staff. Network service providers can use this checklist to ensure that initial configuration goes smoothly in customer shops.

The initial configuration examples used in this checklist are based on PIX Firewall software version 4.0.


Step 1: Using the terminal or computer you connected to the console port during the PIX firewall installation, connect to the firewall using a program such as HyperTerminal, which is provided with Windows 2000 and XP.

Step 2: Once you get to the unprivileged command prompt, which should appear as pixfirewall>, proceed to configuration mode (pixfirewall(config)#) by first entering the enable command to get to privileged mode (pixfirewall#) and then the config terminal command.

Step 3: Initially configure the PIX firewall.

Step 4: Exit configuration mode and save the configuration in flash memory with the "write memory" command.

Step 5: Once you return to privileged mode, change the default password with the "enable password" command.

Step 6: Monitor the network interface traffic with the "show interface" command. If both interfaces show that packets are input and output, then the firewall is functioning. If not, ensure that the interface and route commands are specified correctly.

Step 7: Use the ping command to ensure that hosts on the inside and outside of the network are visible to the firewall.

Step 8: Test the network to ensure that you can ping between inside hosts, between outside hosts, and from an inside host to an outside host.

Step 9: Back up your configurations in case you need them as part of restoring the system.


How to initially configure the PIX firewall

Access configuration mode and enter the following commands:

• Line 1: pixfirewall(config)# interface ethernet inside auto

• Line 2: pixfirewall(config)# interface ethernet outside auto

• Line 3: pixfirewall(config)# ip address inside ip_address netmask

• Line 4: pixfirewall(config)# ip address outside ip_address netmask

• Line 5: pixfirewall(config)# global 1 ip_address_start-ip_address_end

• Line 6: pixfirewall(config)# nat 1 0.0.0.0

• Line 7: pixfirewall(config)# route inside 0.0.0.0 0.0.0.0 router_ip_address hops

• Line 8: pixfirewall(config)# route outside 0.0.0.0 0.0.0.0 router_ip_address hops

• Line 9: pixfirewall(config)# write memory

Alternatively, you can enter lines 1 through 4 and then complete your configuration with a Web browser and the HTTP configuration feature of PIX Firewall.

What does each configuration command mean?

Line 1 indicates that you are using an Intel 10/100 automatic speed-sensing network interface card. This statement and that in line 2 set the interface speed. If the system contains 3Com Ethernet boards, replace auto with 10baseT. If the system contains Token Ring cards, replace ethernet with token and auto with either 4mbps or 16mbps.

Lines 3 and 4 assign the IP addresses to the inside and outside network interface cards.

Line 5 assigns a pool of NIC-registered IP addresses for use by outbound connections. Enter a class address range, such as 192.168.42.1-192.168.42.254, to assign IP addresses 192.168.42.1 through 192.168.42.254.

Line 6 allows open access for the IP addresses in the global statement.

Lines 7 and 8 let you assign default routes to the inside and outside network interfaces. If your system lets routers advertise default routes, these lines can be omitted. (Hops is the number of hops from the firewall to the default router, usually one.)

Line 9 writes the current configuration to flash memory.
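Step 6 says to recheck the interface and route commands when traffic is not flowing. The following is an added example, not part of the original checklist or any Cisco tool, that runs that check offline over a saved copy of lines 1 through 8. The `audit` function, the `SAMPLE` text and every address in it are assumptions constructed for illustration.

```python
import ipaddress
import re

PROMPT = re.compile(r"^pixfirewall\s*\(config\)#\s*")
# Constructed sample in the checklist's syntax; every address is made up.
SAMPLE = """\
pixfirewall(config)# interface ethernet inside auto
pixfirewall(config)# interface ethernet outside auto
pixfirewall(config)# ip address inside 10.1.1.1 255.255.255.0
pixfirewall(config)# ip address outside 192.168.42.1 255.255.255.0
pixfirewall(config)# global 1 192.168.42.10-192.168.42.254
pixfirewall(config)# route inside 0.0.0.0 0.0.0.0 10.1.1.254 1
pixfirewall(config)# route outside 0.0.0.0 0.0.0.0 192.168.43.2 1
"""

def audit(config_text):
    """Return findings for the checklist's initial configuration lines."""
    ifaces, addrs, routes, pools, nats = set(), {}, {}, {}, set()
    for raw in config_text.splitlines():
        tok = PROMPT.sub("", raw.strip()).split()
        if tok[:1] == ["interface"] and len(tok) >= 4:
            ifaces.add(tok[2])                      # interface ethernet <if> auto
        elif tok[:2] == ["ip", "address"] and len(tok) == 5:
            addrs[tok[2]] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
        elif tok[:1] == ["global"] and len(tok) == 3:
            start, _, end = tok[2].partition("-")
            pools[tok[1]] = tuple(ipaddress.ip_address(a) for a in (start, end or start))
        elif tok[:1] == ["nat"] and len(tok) >= 3:
            nats.add(tok[1])                        # nat <id> <address>
        elif tok[:1] == ["route"] and len(tok) >= 5:
            routes[tok[1]] = ipaddress.ip_address(tok[4])  # <if> <net> <mask> <gw>
    findings = []
    for name in ("inside", "outside"):
        if name not in ifaces:
            findings.append(f"{name}: no interface command")
        if name not in addrs:
            findings.append(f"{name}: no ip address command")
        elif name in routes and routes[name] not in addrs[name].network:
            findings.append(f"{name}: default router {routes[name]} "
                            f"is not on {addrs[name].network}")
    for pool_id, (start, end) in pools.items():
        if start > end:
            findings.append(f"global {pool_id}: range start is above range end")
        if pool_id not in nats:
            findings.append(f"global {pool_id}: no nat {pool_id} command")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

The constructed sample is deliberately wrong in two places: the outside default router sits on a different subnet from the outside interface, and the global pool has no matching nat line, so inside hosts would have no translation to use.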










About the author

Judith M. Myerson is a systems engineer/architect and a communications and electronics consultant/instructor. As the former ADP Security Officer/Manager and Network Security Officer at a U.S. naval facility, she led a computer security program for an enterprise infrastructure of networks, servers, operating systems, and communications. A holder of a Master of Science degree in Engineering, she is the editor of Enterprise Systems Integration, 2nd edition (Auerbach 2001) and the author of RFID in the Supply Chain: a Guide to Selection and Implementation (Auerbach, 2007). She is also the author of "Defense-in-Depth for multiple SOAs" (IBM, 2006) and "Mitigate risks for vulnerability with a SLA guarantee" (IBM, Jan 2005).
