Cisco PIX Firewall Basics


Firewalls are essential components of an effective information security infrastructure. At its most basic level, a firewall is hardware or software that filters traffic between your network and the Internet. The hardware firewall I am most familiar with is the Cisco PIX (Private Internet eXchange) Firewall, one of the first products in the IP firewall and NAT appliance market segments.

Cisco PIX 501 Firewall

PIX firewalls include the following security and network services features:

    • Network Address Translation (NAT) or Port Address Translation (PAT)
    • Content filtering
    • URL filtering
    • IPsec VPN
    • DHCP client/server
    • PPPoE support
    • Advanced security services for multimedia applications including Voice over IP (VoIP), H.323, SIP, Skinny

    The firewall can be managed through its integrated web-based PIX Device Manager (PDM) or through the command-line interface (CLI), which is reached over the console port, Telnet or Secure Shell (SSH). SNMP and syslog are for monitoring rather than configuration, and of the remote management options only SSH protects the credentials in transit.

    Here are 10 steps to ensure your PIX Firewall is as secure as it can be:

    1. Password protect it
    2. Know your access-lists
    3. Log denials and errors
    4. Use SSH in place of Telnet
    5. Understand the ASA (here the Adaptive Security Algorithm, the stateful inspection engine in PIX OS, not the later ASA appliance)
    6. Enable optional security
    7. Keep the PIX OS and PDM patched
    8. Back up your configuration
    9. Use secure encryption
    10. Know your network

    Read more in detail here: Cisco PIX Firewall: Lock it down in 10 steps
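To make steps 1, 2, 3, 4 and 9 concrete, here is a small audit script. It is an added example, not code from the original post or from Cisco: it reads a PIX 6.x configuration as plain text (what `show running-config` or `write terminal` prints) and reports a finding for each check that fails. The two sample configurations are constructed for illustration; the only real values in them are the factory default password hashes, which are the ones a PIX ships with (empty enable password, login password "cisco").

```python
"""Audit a Cisco PIX configuration against the hardening steps listed above.

Added example, not code from the original post or from Cisco. The sample
configurations are constructed; only the two factory default hashes are real.
"""
import re

DEFAULT_ENABLE_HASH = "8Ry2YjIyt7RRXU24"   # hash of an empty enable password
DEFAULT_LOGIN_HASH = "2KFQnbNIdI.2KYOU"    # hash of the default login password "cisco"

# Constructed sample: a PIX left close to its factory defaults.
WEAK_CONFIG = """\
PIX Version 6.3(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
conduit permit icmp any any
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
"""

# Constructed sample: the same box after working through the steps.
HARDENED_CONFIG = """\
PIX Version 6.3(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password aB3dE6gH9jK1mN4p encrypted
passwd Qz8xC2vB5nM7lK0j encrypted
hostname pixfirewall
domain-name example.com
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
access-list outside_in deny ip any any
access-group outside_in in interface outside
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
logging on
logging trap informational
logging host inside 192.168.1.10
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
telnet timeout 5
isakmp policy 10 encryption 3des
"""


def audit(config_text):
    """Return the list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []

    # Step 1: password protect it.
    enable = [ln for ln in lines if ln.startswith("enable password ")]
    if not enable or DEFAULT_ENABLE_HASH in enable[0]:
        findings.append("step 1: enable password is unset or still the factory default")
    if any(DEFAULT_LOGIN_HASH in ln for ln in lines if ln.startswith("passwd ")):
        findings.append("step 1: login password is still the factory default 'cisco'")

    # Step 2: know your access-lists. Legacy conduits bypass the access-list
    # model, and a 'permit ip any any' applied to an interface filters nothing.
    if any(ln.startswith("conduit ") for ln in lines):
        findings.append("step 2: legacy 'conduit' statements in use; convert them to access-lists")
    applied = set()
    for ln in lines:
        m = re.match(r"access-group (\S+) in interface (\S+)", ln)
        if m:
            applied.add(m.group(1))
    for ln in lines:
        m = re.match(r"access-list (\S+) permit ip any any$", ln)
        if m and m.group(1) in applied:
            findings.append(f"step 2: access-list {m.group(1)} permits ip any any and is applied to an interface")

    # Step 3: log denials and errors. Logging must be switched on and sent
    # somewhere; the PIX's own log buffer is lost on reload.
    if "logging on" not in lines:
        findings.append("step 3: logging is not enabled ('logging on' missing)")
    elif not any(ln.startswith("logging host ") for ln in lines):
        findings.append("step 3: no syslog host configured; denials never leave the box")

    # Step 4: use SSH in place of Telnet. 'telnet <net> <mask> <if>' grants
    # access; 'telnet timeout' does not, so only lines followed by an address count.
    if any(re.match(r"telnet \d", ln) for ln in lines):
        findings.append("step 4: Telnet management access is enabled; replace it with 'ssh <net> <mask> <if>'")
    if not any(re.match(r"ssh \d", ln) for ln in lines):
        findings.append("step 4: no SSH management access configured")

    # Step 9: use secure encryption. Single DES is not acceptable for VPNs.
    for ln in lines:
        if re.search(r"\bencryption des\b", ln) or re.search(r"\besp-des\b", ln):
            findings.append(f"step 9: single DES in use: '{ln}'")

    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for finding in audit(cfg):
            print("  -", finding)
```

Run against the weak sample it reports six findings (both default passwords, the conduit, no logging, Telnet on and SSH off); the hardened sample comes back clean. Note that the SSH check only confirms that an `ssh` access line exists; generating the RSA key (`ca generate rsa key`) after setting `hostname` and `domain-name` is still a manual step on the box.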

    Most PIX Firewall models (the 515E and larger; the 501 and 506E have only an inside and an outside interface) optionally support one or more additional perimeter networks, also known as demilitarized zones (DMZs). Each interface carries a security level from 0 (outside) to 100 (inside), and the PIX Firewall controls which connections may pass between them.

    A demilitarized zone (DMZ) is the most common firewall topology for publishing services and is often referred to as a screened subnet. It is a separate network segment, at a security level between the outside and the inside, for the hosts that must accept connections from the Internet, so that a compromise of one of them does not put the attacker directly on your internal network. It will typically contain the following:

    • Web server
    • Mail server
    • Application gateway
    • E-commerce systems (It should contain only your front-end systems. Your back-end systems should be on your internal network.)
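The point about front-end systems in the DMZ and back-end systems on the inside comes down to which connections the PIX lets start between interfaces. The model below is an added example, not code from the original post or from Cisco: it reproduces the two rules a three-interface PIX applies. With no access-list applied, the Adaptive Security Algorithm lets connections start from a higher security level towards a lower one and drops the reverse; once an access-list is applied inbound on an interface, that list alone decides, top-down, with an implicit deny at the end. The interface names, security levels, addresses and rules are constructed for the example (the equivalent PIX commands are shown as comments), and the static/NAT translations a real PIX also needs for inbound traffic are left out.

```python
"""Model of how a three-interface PIX decides whether to admit a new connection.

Added example, not code from the original post or from Cisco. Interfaces,
addresses and access-lists are constructed; NAT/static translations are omitted.
"""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

# nameif ethernet0 outside security0
# nameif ethernet1 inside security100
# nameif ethernet2 dmz security50
INTERFACES = {
    "outside": {"security": 0, "network": ANY},                          # the Internet
    "dmz": {"security": 50, "network": ip_network("192.168.50.0/24")},   # screened subnet
    "inside": {"security": 100, "network": ip_network("192.168.1.0/24")},
}


def host(addr):
    """PIX 'host a.b.c.d' as a /32 network."""
    return ip_network(addr + "/32")


# Access-lists applied inbound ('access-group <name> in interface <if>').
# Each entry is (action, protocol, source, destination, destination port or None).
ACCESS_LISTS = {
    # access-list outside_in permit tcp any host 192.168.50.10 eq 80   (front-end web)
    # access-list outside_in permit tcp any host 192.168.50.20 eq 25   (mail)
    "outside": [
        ("permit", "tcp", ANY, host("192.168.50.10"), 80),
        ("permit", "tcp", ANY, host("192.168.50.20"), 25),
    ],
    # access-list dmz_in permit tcp host 192.168.50.10 host 192.168.1.20 eq 3306
    # access-list dmz_in deny ip any 192.168.1.0 255.255.255.0
    # access-list dmz_in permit tcp host 192.168.50.20 any eq 25
    # The web front-end reaches only the back-end database; the deny sits before
    # the mail relay's 'any' so that 'any' cannot be read as 'the inside too'.
    "dmz": [
        ("permit", "tcp", host("192.168.50.10"), host("192.168.1.20"), 3306),
        ("deny", "ip", ANY, ip_network("192.168.1.0/24"), None),
        ("permit", "tcp", host("192.168.50.20"), ANY, 25),
    ],
    # No list on inside: the default high-to-low rule applies.
}


def interface_for(addr):
    """Pick the interface whose connected network most specifically covers addr."""
    matches = [name for name, iface in INTERFACES.items() if addr in iface["network"]]
    return max(matches, key=lambda name: INTERFACES[name]["network"].prefixlen)


def allowed(src, dst, proto, port):
    """True if a new connection src -> dst:port over proto would be admitted."""
    src, dst = ip_address(src), ip_address(dst)
    src_if, dst_if = interface_for(src), interface_for(dst)
    if src_if == dst_if:
        return False  # traffic between hosts on one segment never transits the PIX
    acl = ACCESS_LISTS.get(src_if)
    if acl is not None:
        for action, aproto, asrc, adst, aport in acl:
            if aproto in ("ip", proto) and src in asrc and dst in adst and aport in (None, port):
                return action == "permit"
        return False  # implicit deny at the end of every access-list
    return INTERFACES[src_if]["security"] > INTERFACES[dst_if]["security"]


if __name__ == "__main__":
    for flow in [("198.51.100.5", "192.168.50.10", "tcp", 80),
                 ("198.51.100.5", "192.168.1.10", "tcp", 80),
                 ("192.168.50.10", "192.168.1.20", "tcp", 3306),
                 ("192.168.50.20", "192.168.1.20", "tcp", 25)]:
        print(flow, "->", "permit" if allowed(*flow) else "deny")
```

The cases worth tracing by hand are the ones that separate a DMZ from a flat network: the Internet can reach the web and mail front-ends on their published ports and nothing else, inside hosts can reach both the DMZ and the Internet without any access-list, and a DMZ host that gets compromised can open exactly one connection inward (web to the database port), because the `deny ip any 192.168.1.0/24` entry is evaluated before the mail relay's `permit ... any eq 25`.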

    In 2005 Cisco introduced the newer Adaptive Security Appliance (ASA) firewall, which inherited much of the PIX feature set, and in 2008 it announced the PIX end-of-sale. I actually just found out about the discontinuation of the PIX firewall as I was doing some research for this blog post. However, the PIX technology still ships as a blade, the FireWall Services Module (FWSM), for the Cisco Catalyst 6500 switch series and the 7600 router series.

    Photo Credit: fzurell


    4 thoughts on “Cisco PIX Firewall Basics”

      Saurooon said:
      April 20, 2009 at 1:21 am

      Ugh, I liked it! So clear and positive.

      jimmy said:
      January 11, 2010 at 10:27 am

      it was pants

      matey said:
      January 11, 2010 at 10:30 am

