User Guide
Page 1
New for PDM 1.1 PDM Icon Legend Getting Started Applying Configuration Changes in PDM Refresh More about Internet Protocol (IP) Unsupported Commands Help Topics by Location Access Rules Translation Rules Hosts/Networks System Properties Monitoring Menus Additional Resources Top Security Resources PIX Firewall Documentation Cisco Technical Assistance Center>PIX Firewall PIX Firewall Top Issues PIX Firewall Product Literature Copyright © 2001 Cisco Systems, Inc. Index Glossary About PDM -
User Guide
Page 2
..., refer to "PDM Support for you to visually monitor your PIX Firewall using the PIX Firewall CLI or Cisco Secure Policy Manager (Cisco Secure PM). PDM is available on how to do this, refer to assist you . For instructions on all PIX 501, PIX 506, PIX 515, PIX 520, PIX 525, and PIX 535 platforms that were originally implemented using visual tools like...
User Guide
Page 3
... "JDK Version" indicates your configuration is not enabled for DES, you can have version 6.0 installed on the PIX Firewall unit. Otherwise, a PIX Firewall unit must meet the following website: http://www.cisco.com/kobayashi/sw-center/internet/pix-56bit-license-request.shtml q Verify that are discussed in the browser, PDM guides you by downloading the product...
User Guide
Page 4
q Browser support for Netscape Communicator on any Windows platform or Windows 2000 running any browser. Note PIX Firewall software version 6.0 supports SSL 2.0, SSL 3.0, and TLS 1.0 in web browsers. q Windows 2000 (Service Pack 1), Windows NT 4.0 (Service Pack 4 and higher), Windows 98...this browser on the platform from which you access it. q Any Pentium or Pentium-compatible processor running CDE or OpenWindows window manager. PIX Firewall supports all browser encryption levels. PDM does not support use on computers equipped with at 350 MHz or higher. We recommend 192 MB...
User Guide
Page 6
An access list allows you to specify what type of traffic to the Configuration Guide for the Cisco Secure PIX Firewall Version x.x for entering configuration and monitoring commands to a Java applet. By default, traffic that is not explicitly permitted is denied. CLI... are implemented by saving a small text file on what type of information accumulated from the CLI. Cookie-A cookie is roughly equivalent to the PIX Firewall. See also TACACS+, RADIUS Access Control, Access Control Rule, ACE-Information entered into an interface. See also IP Address, NAT, PAT, Static...
User Guide
Page 7
... addresses embedded in the protocol payload and providing access through the PIX Configuration, Config, Config File-The PIX Firewall file which are routed through the PIX Firewall for allocating IP addresses to the Configuration Guide for the Cisco Secure PIX Firewall Version x.x for Cisco security products including PIX firewalls, Cisco IOS firewalls, VPN routers and Intrusion Detection System (IDS) Sensors. CSPM also provides...
User Guide
Page 8
...other packet-switched networks, as well as "intf2" for the first perimeter interface, "intf3" for transferring files between a particular network and a PIX Firewall. See also Fixup. Network layer Internet protocol that you are "intfn," such as video over local-area networks (LANs) and other "untrusted"... to the interface card's position in the intf string corresponds to identify a single host or network subnet for any network. In PIX Firewall configuration, a host is also the IP address of user-defined rules. Also any network-addressable device on any device on default rules...
User Guide
Page 9
... , unlike RAM (Random Access Memory) retains its contents without power. Intranet-Intranetwork. See also network, Internet. Not the global Internet. Network-In the context of PIX Firewall configuration, a network is determined by the address's class), and the subnet field should be used to as determined by their use in the 32-bit...
User Guide
Page 10
...addresses for each communication server, executing the command, and then disconnecting from a single IP address. Proxy-ARP-This feature enables the PIX Firewall to reply to the system. RPC-remote procedure call. Enables the controlled delivery of feature statistics, such as connections/second, xlates/... (Acronym stands Rivest, Shamir, and Adleman, the inventors of the technique.) RSH-Remote Shell Protocol. Primary, Primary unit-The PIX Firewall unit normally operating when two units are built or specified by clients and executed on the network. A protocol that are operating in...
User Guide
Page 11
...used . SSH-Secure Shell) is a static address that provides strong authentication and encryption capabilities. This is a common way to the PIX Firewall console. A static address maps a local IP address to implement the features of a data character are allowed simultaneous access to a ...PAT. See also, address translation and access control rules. Enables call signaling. Spoofing is current and valid for the PIX Firewall before clients can support any SIP Voice over a single channel. Each protocol layer maintains state information in individual network devices...
User Guide
Page 12
.... Websense-A third party filtering application that determines the IP address associated with a particular network computer. Websense enables group and username authentication between PIX Firewall and the server. Copyright © 2001 Cisco Systems, Inc. URL-Universal Resource Locator. WINS-Windows Internet Naming Service. TCP Intercept-With the TCP intercept feature, once the optional embryonic...
User Guide
Page 18
... q Field Descriptions q Defining a TFTP Server and Configuration File Name Important Notes If you have already set up a TFTP server in System Properties > PIX Administration > TFTP Server, you can select the Click here to use the existing TFTP server Configuration on which your TFTP Server. File>Write Configuration to...be selected by default. If not, follow the steps listed in this box will be saved on PIX, then Apply to PIX to have already set up a TFTP server in PDM to the PIX Firewall unit and applies them to the previous panel. . q Cancel-Discards changes and returns to the ...
User Guide
Page 20
...server command to specify the interface and the path/filename on the PIX Firewall and TFTP, refer to the "Advanced Configurations" chapter of the Cisco Secure PIX Firewall Configuration Guide for communication from the PIX Firewall to the TFTP server is applied to the running configuration, PDM ... are included in this Help topic:: q TFTP and the PIX Firewall q Field Descriptions q Applying Changes to the PIX Firewall TFTP Servers and the PIX Firewall TFTP is specified in this way, configuration files can be written. PIX Firewall supports only one TFTP server. For more information on the ...
User Guide
Page 21
... the information displayed when it was opened or the last time Refresh was clicked while open . Applying Changes to the PIX Firewall Changes to the table made in the file name, to which will be written. For more information on Applying Configuration Changes. 2. ...a failover standby PIX Firewall unit. Field Descriptions The TFTP panel provides the following buttons to apply or discard changes: 1. Reset-Discards changes and reverts the panel to the information displayed when it was opened or the last time Refresh was clicked while open . Copyright © 2001 Cisco Systems, Inc....
User Guide
Page 22
or . Write Configuration to System Properties>PIX Administration>TFTP Server . For more information, refer to TFTP Server... Use File>Write Configuration to TFTP Server... File Menu Refresh Refresh-Loads a fresh copy of the running configuration into your PDM by File>Write to Flash... TFTP server file(s)-Configuration file copies stored on a TFTP server by File>Refresh Configuration from PIX or . Write Configuration to Flash Write Configuration to Flash-Writes a copy of the running configuration to Flash memory in the PIX Firewall unit.
User Guide
Page 25
...q Cisco Secure Policy Manager (CSPM) and PDM When deployed for operation in the list below correspond to update Flash memory, TFTP servers, and failover standby units. q Internal r Running configuration r Flash memory q External r TFTP server r Failover standby unit PIX Firewall Configuration... File Terminology The numbers in your network, there are multiple copies of a PIX Firewall running configuration is modified by PDM or CLI console sessions, and how to the figure ...
User Guide
Page 26
... PDM sessions may see them to Flash. 7. TFTP server file-Copies of the running configuration of the running configuration stored on the PIX Firewall unit which becomes the running configuration. 2. A copy of the standby unit can support multiple PDM sessions at boot and becomes the running... configuration, you click Refresh. Multiple PDM Sessions-The PIX Firewall can also be stored in the primary unit which determines its Flash memory by command to the information displayed when it opened or...
User Guide
Page 27
...Hypertext Transfer Protocol-Secure) protocol for that you make changes using your PDM CLI tool, your respective version. Before configuring your PIX Firewall from the PDM CLI tool, we recommend that it is also managing, when it maintains for Tools>CLI. CSPM keeps its ...q Monitoring>Secure Shell Sessions q Monitoring>Telnet Console Sessions If any other PDM sessions are in the running configuration. CSPM (Cisco Secure Policy Manager) and PDM Caution: If you review the Cisco PIX Firewall Command Reference for all the other PDM sessions when they click Refresh. Copyright © 2001...
User Guide
Page 28
... the primary or active unit fails. When configured for failover. System Properties>Failover The Failover dialog box allows you to configure two PIX Firewall units so that a secondary or secondary unit can take over operation should the other fail. r Edit-Edit-Opens the Edit dialog... box. Stateful Failover allows the standby unit to maintain the state of the interface on the active PIX Firewall unit dedicated for this Help topic: q Field Descriptions q Enabling Failover q Editing Failover IP Addresses q Setting the Failover Poll Time q Enabling...
User Guide
Page 29
q Apply to PIX-Sends changes made in the standby unit is required to edit. 2. q Edit-Edit-Opens the Edit...to the last time you do not use FDDI because of each interface that the configuration in PDM to the PIX Firewall unit and applies them to edit the IP address of the interface that you selected from the Failover dialog box. ... return to the previous panel, click one of the following: q OK-Accepts changes and returns to the standby PIX Firewall. r HTTP Replication-Enables Stateful Failover to copy active HTTP sessions to the previous panel. Click OK. q Stateful ...