Ask the Expert

Can you explain the procedure for creating a de-militarized zone in PIX Firewall?

Can you explain the procedure for creating a de-militarized zone in PIX Firewall? I am planning to secure my network using DMZ.


For security reasons, it is generally not advisable to provide access to your local LAN from the Internet. But oftentimes organizations do have some Web servers, mail servers, etc., which they want to remain accessible from the Internet. So these servers are kept in a separate zone called a DMZ, which is accessible from the Internet.

If you want to create a DMZ in PIX, then you will need to configure at least three interfaces in your PIX:

  1. inside interface – This interface is connected to your local LAN.
  2. outside interface – This interface is connected to your Internet router.
  3. DMZ interface – This interface is connected to your DMZ network. You will have to assign this interface a security level between 1 and 99.

Once these interfaces have been configured, you must configure PIX to let it know what access should be granted from the Internet towards the DMZ. This can be done using the access-list command.

This was first published in June 2004
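
The three-interface setup described in the answer, written out as an added configuration example (not part of the original answer). It assumes PIX OS 6.x command syntax; the interface numbering, the ACL name `acl_out`, and every address are constructed for illustration (192.0.2.0/24 stands in for the public range). The `static` and `access-group` lines are not mentioned in the answer but are needed for the access list to take effect. Lines starting with a colon are annotations.

```cisco
: --- 1. Name the three interfaces and assign security levels ---
: outside = 0 (least trusted), inside = 100 (most trusted),
: dmz = a value between 1 and 99 (50 chosen here)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

: Enable the physical interfaces
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto

: --- 2. Address each interface (constructed sample addresses) ---
ip address outside 192.0.2.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0

: --- 3. Publish each DMZ server on its own outside address ---
: static (real_if,mapped_if) mapped_ip real_ip
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255 0 0
static (dmz,outside) 192.0.2.11 172.16.1.11 netmask 255.255.255.255 0 0

: --- 4. Permit only the required services from the Internet ---
: One host and one port per line; no "permit ip any any"
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-list acl_out permit tcp any host 192.0.2.11 eq smtp

: An access list has an implicit deny at the end; bind it to
: inbound traffic on the outside interface
access-group acl_out in interface outside
```

No static or access list is defined from the dmz or outside interfaces toward inside, so connections initiated from the DMZ or the Internet to the local LAN stay blocked. `show access-list` displays hit counts per entry, which is a quick way to confirm that only the intended rules are matching.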
