PDM

[ChrisAC]

I'm hearing a lot about the PIX Device Manager (PDM) but I've never actually used it or even seen it! Has anybody out there got any screen shots that they could share with sample configs!

Cheers.

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************

 

[asplearner]

I just installed the PDM today. I didn't know much about it either but it is really nice. It's just a graphical interface to the pix command line. Instead of typing in the commands, you use a web browser to configure the pix.

 

[RishMaster]

asplearner, could i get a copy of that off you?

 

[Guest_imported]

I used it to do the initial configuration on my Pix 515.
It is a bit like the GUI client that comes with Checkpoint Firewall-1, which I have used a fair bit, but operates though the web browser instead. At this stage of it's development (version 1.12) it has some drawbacks.
1. It doesn't handle VPNs at all or any sort of encryption setup for that matter.
2. It is designed to use access lists rather than conduit commands although it will parse a conduit command however it tries to interpret it as an access list command.
3. It doesn't seem to cope with applying an access list to more than one interface and does strange things if you do.
I think it will be really good in a couple of versions time. It is very good for doing the initial configuration, naming interfaces, putting in hostnames, ip addresses, routes, setting up syslog etc.
My 2 cents.
Regards
Rob

 

[ChrisAC]

But is it really easier than doing it at a command line! Personally I find using a console or terminal session quite easy and can configure the basic stuff quite quickly. What's the benefits of using the PDM?

Having said that, I was recently on a PIX course with a colleague who is a bit of a FW-1 guru. However, with the PIX he was completely lost without his graphical interface and pretty icons and seemed to be having a bit of a tough time! On the other hand I've done a fair bit of PIX configuration in the past and do a lot of router work and so I was completely happy! Maybe in that case my colleague would have found the PDM easier!

Each to their own I guess! We've got some really clever folks who look after the mail and web servers and stuff and are complete gurus on Unix and Linux when working on the command line, but can't use Windows!

Go figure!

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************

 

[Guest_imported]

You are quite correct. If you had never done any Pix or Cisco router configuration you would find it much easier to use PDM to create a basic configuration, add a web and mail server etc. You can download PDM from the CCO site if you have a login.
To create VPN tunnels, use vpdn, multiple access lists, AAA stuff and the like you would have to resort to the command line anyway.
You final comment probably applies to me. I am far more at home with Solaris, Sendmail, Apache Web server etc than with Windows 2000.
Cheers
Rob

 

[asplearner]

Hey Rob,
Could you help me with the setup for vpn? I have read some but find it a little confusing.
Thanks,
Jason
jwhitaker@co.moore.nc.us

 

[Guest_imported]

Jason,
I haven't set up vpn on a Pix yet! At the moment we are still using PPTP. When all the network changes we are doing are in place I will attempt to change our PPTP tunnels to VPN tunnels Pix to Pix. At the moment I'm afraid, I'm still at the bottom of the Pix learning curve. Pix does seem a good solution for small to medium sized enterprises. All my previous experience is with FW-1 which is really good, but the method of licensing in this country makes it prohibitively expensive for other than large enterprises.
Regards
Rob