wilson2468
Technical User
I have a PIX 515E with 7.1 set up in tandem with another and configured for stateful failover.
There are six interfaces total and four are being used:
Inside
Outside
customer
failover
The customer interface is set up in a DMZ sort of scenario with a security level of 10.
What I want to do is add a DMZ to the firewall for an FTP server.
I am not wanting to disturb any of the existing config as far a security policies go at the momment.
I have started to add the DMZ interface with IP address and a warning comes up that changing the security levels of interfaces can prevent traffic from entering or leaving interfaces.
I want to give the security level of the DMZ a 10 also.
My questions are:
If I add this interface and start to configure it, am I in danger of stopping the traffic through the existing config?
Can this be done on the fly, or is it something that you have to really be careful with?
What if I am not going to enable it just yet?
Can I give the new DMZ the same security level of the other customer Interface?
There are six interfaces total and four are being used:
Inside
Outside
customer
failover
The customer interface is set up in a DMZ sort of scenario with a security level of 10.
What I want to do is add a DMZ to the firewall for an FTP server.
I am not wanting to disturb any of the existing config as far a security policies go at the momment.
I have started to add the DMZ interface with IP address and a warning comes up that changing the security levels of interfaces can prevent traffic from entering or leaving interfaces.
I want to give the security level of the DMZ a 10 also.
My questions are:
If I add this interface and start to configure it, am I in danger of stopping the traffic through the existing config?
Can this be done on the fly, or is it something that you have to really be careful with?
What if I am not going to enable it just yet?
Can I give the new DMZ the same security level of the other customer Interface?