Q

Can you explain the procedure for creating a de-militarized zone in PIX Firewall?

Can you explain the procedure for creating a de-militarized zone in PIX Firewall? I am planning to secure my network using a DMZ.

For security reasons, it is generally not advisable to provide access to your local LAN from the Internet. But oftentimes organizations do have some Web servers, mail servers, etc., which they want to remain accessible from the Internet. So these servers are kept in a separate zone called a DMZ, which is accessible from the Internet.

If you want to create a DMZ in PIX, then you will need to configure at least three interfaces in your PIX:

  1. inside interface – This interface is connected to your local LAN.
  2. outside interface – This interface is connected to your Internet router.
  3. DMZ interface – This interface is connected to your DMZ network. You will have to assign this interface a security level between 1 and 99.

Once these interfaces have been configured, you must configure PIX to let it know what access should be granted from the Internet towards the DMZ. This can be done using the access-list command.

This was last published in June 2004
