adding DMZ 1

[cahelmster]

Being new to PIX firewalls, what steps do I need to take to add a DMZ to our existing setup of inside/outside with NAT? The DMZ will contain an SMTP server. Also, what security level should be put on the DMZ interface to run the mail server?

Thanks for all responses!

 

[yizhar]

HI.

The pix must have an additional interface for that.
So first of all check your pix hardware:

What pix is it (only pix 515 and above support DMZ)?

What will an additional NIC cost you
(cisco "original" NIC can cost much.
A compatible Intel PCI NIC can work for you at 1/4 price,
but Cisco wouldn't be happy to support this).

For the configuration stage, simply use the samples from Cisco web site and/or your pix manuals.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[cahelmster]

It's a PIX 515R and I have the additional Cisco NIC already. I just need some good documentation on how to set everything up.

Thanks

 

[yizhar]

HI Again.

For the configuration you can use -
* pix manuals.
* cisco samples from cisco web site.
* PDM
* pixcript from my site.

You must note that adding an SMTP mail relay, requires also reconfiguration of your internal mail server, and DNS MX records - you will need to change the MX record *OR* you may need to change the STATIC translation at the pix so the external ip of your mail server will now map to the new mail relay.

Bye

Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar