The PDM is just one of several GUI tools used to configure and monitor the PIX firewall. PDM is a Java Web-based interface that enables configuration of your firewall via a secure HTTPS connection. The tool is designed for a single firewall system. However, Cisco does have another GUI tool called the Cisco Secure Policy Manager (CSPM) that supports centralized management of several security systems simultaneously; PIX is one such security system.
PIX Device Requirements, Client Needs, and Limitations
The PIX PDM version 2.1 supports all models (501, 506/506E, 515/515E, 520, 525, and 535) that run the PIX firewall software 6.2 or higher. The following is a list of all the requirements for these models:
DES or 3DES encryption is required because the PDM interface is reached over an HTTPS (Secure Sockets Layer, SSL) connection. This SSL connection allows secure traffic to pass between the interface and Web browsers and typically uses port 443.
Clients Using the PDM
The Java-based interface doesn't require a client installation; only an HTTPS connection to the firewall, which will download and execute the Java applets required to run the interface, is needed. Table 13.1 lists the client platforms that can run the interface.
Table 13.1. Supported Clients
The PDM can configure almost all commands necessary to make the PIX firewall work. However, several commands and features are not supported; the PDM might, in fact, prevent you from setting up certain configurations on the firewall with the GUI. When this happens, the only option you can use is the Monitoring tab, which we will look at later. Following is a list of commands not supported on the PDM:
See Cisco's Web site for other unsupported commands. Figure 13.1 shows the error message displayed when an unsupported command, such as the alias command, is found.
Figure 13.1. The unsupported commands alert box.