Building the firm walls of the enterprise PIX Firewall special configuration

The choice of high-grade complete network security equipment is every successful enterprise essential networking facilities, but in fact there are threats in more networks coming from within the enterprise, so it's not enough to just protect the boundaries of network formation, and building an integrated, multi-level security architecture can provide more thorough and practical protection, To improve the internal security awareness of enterprises is to solve the enterprise network security.

Introduction to PIX Firewalls

The PIX (Private Internet Exchange) firewall is a top-quality firewall product in the Cisco product family. The PIX firewall can be deployed in a wide variety of design scenarios. As a simple scenario, the PIX firewall may have only two interfaces, one interface to the protected internal network (the internal interface), and the other to the public network (external interface), which generally refers to the Internet. Here the so-called internal and external have special meaning, and each interface in the PIX firewall configuration is named inside Interface (internal) and outside interface (external) respectively.

In order for companies to take advantage of the Internet connection, some servers typically have to be accessible to the outside world, which includes DNS, SMTP, and any public Web servers that the enterprise can have. The DNS server must be accessible in order to convert the host name to an IP address that can be used for datagram addressing. Although these servers can be placed in the internal network behind the firewall, it is strongly recommended that you do not do so. Because any one of these hosts is compromised, it can cause intruders to access the internal network easily. If these servers are placed in the DMZ, the PIX firewall can allow internal users unrestricted access to these hosts while restricting external users from accessing them.

From the market share, the State datagram Firewall is the leading type of firewall product. Most markets show that the PIX firewall or Chechpoint software company's firewall often occupy the first place in the market. There are a total of 58 pix Unique features in the specific configuration of the PIX firewall, some of which are obvious, some are slightly hidden, some are started by default, and others need to be manually configured. Let's take a look at some of the following in the enterprise network needs special "attention" to the characteristics of the configuration method, in order to make full use of the PIX firewall, for the enterprise networks to improve the safety factor.