Q

Can you explain the procedure for creating a de-militarized zone in PIX Firewall?

Can you explain the procedure for creating a de-militarized zone in PIX Firewall? I am planning to secure my network using DMZ.
For security reasons, it is generally not advisable to provide access to your local LAN from the Internet. But oftentimes organizations do have some Web servers, mail servers, etc., which they want to remain accessible from the Internet. So these servers are kept in a separate zone called a DMZ, which is accessible from the Internet.

If you want to create a DMZ in PIX, then you will need to configure at least three interfaces in your PIX:

  1. inside interface – This interface is connected to your local LAN.
  2. outside interface – This interface is connected to your Internet router.
  3. DMZ interface – This interface is connected to your DMZ network. You will have to assign this interface a security level between 1 and 99.

Once these interfaces have been configured, you must configure PIX to let it know what access should be granted from the Internet towards the DMZ. This can be done using the access-list command.

This was first published in June 2004
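
The steps above as a configuration sketch, added here as an example and not taken from the original answer. It assumes PIX 6.x command syntax; the interface hardware names, the ACL name `acl_outside`, and all addresses (documentation and private ranges) are constructed for illustration. Lines beginning with a colon are annotations.

```cisco
: Constructed example: names and addresses are placeholders.
: 1. Name the three interfaces and set their security levels.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
ip address outside 192.0.2.2 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1

: 2. Outbound translation for LAN hosts (higher to lower security level).
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
global (dmz) 1 172.16.1.100-172.16.1.200 netmask 255.255.255.0

: 3. Publish the DMZ servers on outside addresses.
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255
static (dmz,outside) 192.0.2.20 172.16.1.20 netmask 255.255.255.255

: 4. Permit only the required services from the Internet to the DMZ.
access-list acl_outside permit tcp any host 192.0.2.10 eq www
access-list acl_outside permit tcp any host 192.0.2.20 eq smtp
access-group acl_outside in interface outside

: No static or access-list is defined from dmz or outside to inside,
: so connections initiated toward the LAN are dropped by default.
```

After applying a configuration like this, `show access-list` reports a hit count per entry, which helps confirm that only the intended services are being matched.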
