RE: Pix questions [7:43241]
Cisco Systems' PIX (Private Internet Exchange) Firewall ...

Now you know, and knowing is half the battle.

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian Zeitz
Sent: Friday, May 03, 2002 12:59 PM
To: [EMAIL PROTECTED]
Subject: Pix questions [7:43241]

I am setting up a Pix 515 Unlimited I got the failover unit. If I want to use the 4-port DMZ card, do I need one for each chassis? What about a 1 Port? If I do need one each, how would you configure a web server to be redundant as well? I know you can't use the Same IP on both cards.. Is there some special software that you need to use to load balance between the DMZ interfaces? Maybe like a virtual IP?

Also, what does Pix stand for, is it an Acronym for something? Or just the name of the proprietary embedded OS?

Thanks for your help everyone.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43258&t=43241
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pix questions [7:43241]
> I am setting up a Pix 515 Unlimited I got the failover unit. If I want
> to use the 4-port DMZ card, do I need one for each chassis? What about a
> 1 Port? If I do need one each, how would you configure a web server to be
> redundant as well? I know you can't use the Same IP on both cards.. Is
> there some special software that you need to use to load balance between
> the DMZ interfaces? Maybe like a virtual IP?

If you are using PIX firewalls in failover configuration, they need to be identical in hardware configuration. Note that they work in standby failover configuration NOT in load balancing/load sharing configuration! To load balance services, you need some other device (LocalDirector comes to my mind).

> Also, what does Pix stand for, is it an Acronym for something? Or just
> the name of the proprietary embedded OS?

PIX stands for Private Internet eXchange, if I remember well..

Marko.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43255&t=43241
RE: Pix questions [7:43241]
For failover to work both PIXen must be the same model, have the same OS, and same number of interfaces.

I would suggest using switches to connect like PIX interfaces, i.e. one switch (or VLAN) for the outside PIX interfaces, one switch for the DMZ interfaces, one switch for the inside interfaces. If you used that topology then the web server would only need one NIC which would connect to the DMZ switch.

Check out the PIX OS documentation for the meaning of PIX. Something like Packet Internet eXchange.

> -Original Message-
> From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 03, 2002 12:59 PM
> To: [EMAIL PROTECTED]
> Subject: Pix questions [7:43241]
>
> I am setting up a Pix 515 Unlimited I got the failover unit. If I want
> to use the 4-port DMZ card, do I need one for each chassis? What about a
> 1 Port? If I do need one each, how would you configure a web server to be
> redundant as well? I know you can't use the Same IP on both cards.. Is
> there some special software that you need to use to load balance between
> the DMZ interfaces? Maybe like a virtual IP?
>
> Also, what does Pix stand for, is it an Acronym for something? Or just
> the name of the proprietary embedded OS?
>
> Thanks for your help everyone.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43254&t=43241
RE: Pix questions [7:43241]
Both PIX's should be identical hardware and software wise. Depending upon which code version that you are using, the configuration is slightly different. On the primary you will assign an interface IP address as well as a failover IP address. The secondary (failover) PIX will pull its IP's from the primary config. On older versions of code (5.x, 4.x) you will need to connect every interface regardless of whether it is enabled or shutdown.

This is not a simple thing to understand so I don't want to just post the appropriate commands. If done incorrectly, nothing works. I will however provide some good links!

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm
http://www.cisco.com/warp/public/110/top_issues/pix/pix_index.shtml

In the case of a failover, the secondary PIX will assume the IP address assigned to the primary. If configured properly with stateful failover, you will maintain all your sessions through the FW.

Private Internetwork eXchange.

Thanks
Larry

-Original Message-
From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 12:59 PM
To: [EMAIL PROTECTED]
Subject: Pix questions [7:43241]

I am setting up a Pix 515 Unlimited I got the failover unit. If I want to use the 4-port DMZ card, do I need one for each chassis? What about a 1 Port? If I do need one each, how would you configure a web server to be redundant as well? I know you can't use the Same IP on both cards.. Is there some special software that you need to use to load balance between the DMZ interfaces? Maybe like a virtual IP?

Also, what does Pix stand for, is it an Acronym for something? Or just the name of the proprietary embedded OS?

Thanks for your help everyone.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43250&t=43241
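The reply above says the primary carries both an interface IP address and a failover IP address for each interface. The following is an added example, not part of the original thread or of any Cisco tooling: a small audit that checks a primary unit's configuration text for that pairing before the standby is connected. It assumes PIX 6.x-style `nameif`, `ip address` and `failover ip address` lines and that the failover address must sit in the interface's subnet; `audit_failover` and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a primary unit's configuration (PIX 6.x-style syntax,
# documentation addresses). Two defects are planted: inside has a failover IP
# in the wrong subnet and dmz has no failover IP at all.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 192.0.2.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 172.16.0.1 255.255.255.0
failover
failover ip address outside 192.0.2.2
failover ip address inside 10.0.1.2
"""

def audit_failover(config: str) -> list[str]:
    """Return findings for the failover addressing; an empty list means consistent."""
    names = re.findall(r"^nameif \S+ (\S+) security\d+$", config, re.M)
    active = {n: ipaddress.ip_interface(f"{ip}/{mask}")
              for n, ip, mask in re.findall(r"^ip address (\S+) (\S+) (\S+)$", config, re.M)}
    standby = {n: ipaddress.ip_address(ip)
               for n, ip in re.findall(r"^failover ip address (\S+) (\S+)$", config, re.M)}
    findings = []
    if not re.search(r"^failover$", config, re.M):
        findings.append("failover is not enabled")
    for name in names:  # every named interface needs an active/standby pair
        if name not in active:
            findings.append(f"{name}: no interface IP address")
        elif name not in standby:
            findings.append(f"{name}: no failover IP address")
        elif standby[name] == active[name].ip:
            findings.append(f"{name}: failover IP equals interface IP")
        elif standby[name] not in active[name].network:
            findings.append(f"{name}: failover IP {standby[name]} outside {active[name].network}")
    return findings
```

Run against the constructed sample, it reports the misaddressed inside interface and the dmz interface that has no failover address.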
Pix questions [7:43241]
I am setting up a Pix 515 Unlimited I got the failover unit. If I want to use the 4-port DMZ card, do I need one for each chassis? What about a 1 Port? If I do need one each, how would you configure a web server to be redundant as well? I know you can't use the Same IP on both cards.. Is there some special software that you need to use to load balance between the DMZ interfaces? Maybe like a virtual IP?

Also, what does Pix stand for, is it an Acronym for something? Or just the name of the proprietary embedded OS?

Thanks for your help everyone.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43241&t=43241