Using the PDM to Configure the PIX Firewall


The PDM can be used to edit almost all the commands supported on the PIX firewall. Most of the PDM functionality is broken up into six main tabs and wizards. This section provides an overview of the following wizards and main tabs:

  • Access Rules

  • Translation Rules

  • VPN

  • Host/Networks

  • System Properties

  • Monitoring

Make sure you know that the five main configuration areas are Access Rules, Translation Rules, VPN, Host/Networks, and System Properties.


The Access Rules Tab

The Access Rules tab enables configuration of which traffic is permitted or denied access through the firewall. Access lists, AAA rules, and URL filter rules can be configured on this tab (refer to Figure 13.7).

The Translation Rules Tab

The Translation Rules tab enables you to configure NAT pools and PAT configuration. On this screen you can manage pools of addresses by clicking the Manage Pools button. Figure 13.9 displays this screen.

Figure 13.9. The Translation Rules tab.

The VPN Tab

The VPN tab is a very powerful screen that enables you to create VPN connections. This screen enables you to set the transform sets, IKE parameters, site-to-site settings, and even remote-access VPN settings, to name a few. Figure 13.10 displays this screen.

Figure 13.10. The VPN tab.

The Host/Network Tab

The Host/Network tab enables you to configure access list object groups for networks and hosts. The Host/Network section of the screen creates hosts and networks that can then be used by the group commands on the right side of the screen. For example, you can create WWW, mail, and FTP server entries and then group them together in an object group using the Host and Network group section of the screen. Figure 13.11 displays this screen.

Figure 13.11. The Host/Network tab.

The System Properties Tab

The System Properties tab enables you to configure just about everything else, including interfaces, failover, routing, DHCP servers, logging, AAA services, intrusion detection, and multicast (see Figure 13.12).

Figure 13.12. The System Properties tab.

The Monitoring Tab

The Monitoring tab, as its name suggests, provides several monitoring features for the PIX firewall. The PIX provides a wealth of information that can be monitored via this screen, shown in Figure 13.13.

Figure 13.13. The Monitoring tab.

PDM Pull-down Menus

The pull-down menus also provide several configuration features and options. Figure 13.14 displays a snapshot of the PDM pull-down menu options.

Figure 13.14. Pull-down menus.

The File Pull-down Menu

The File pull-down menu enables you to reset the firewall to the factory defaults, save the running configuration to flash or a TFTP server, or simply refresh the PDM interface. Figure 13.15 displays the options in the File menu.

Figure 13.15. File pull-down options.

The Options Pull-down Menu

The Options pull-down menu enables you to select preferences and define three main settings: namely, preview commands, confirm before exiting, and display dialog about VPN wizards. The preview command preference is handy when you want to learn which commands the PDM is actually sending down to the firewall via the CLI. Figure 13.16 displays the preferences dialog box.

Figure 13.16. Preference options.

The Wizards Pull-down Menu

The Wizards pull-down menu contains two wizards that help you configure the PIX firewall (see Figure 13.17). The Setup Wizard enables you to configure a basic firewall by answering simple questions, whereas the VPN Wizard enables you to set up a VPN for either site-to-site or remote access. Figure 13.18 displays the first screen of the VPN Wizard.

Figure 13.17. The available wizards.

Figure 13.18. The VPN Wizard's first screen.

The PDM interface enables you to configure the PIX firewall using a Web-based interface. The PDM can be installed on almost all the PIX firewall products, and it provides several interface screens for PIX configuration. If commands are found that are not supported by the PDM, the interface warns you about them and sometimes even locks you out of all the configuration screens, thus limiting your monitoring ability. Lastly, the PDM contains two wizards that assist in the initial setup of the firewall's standard and VPN configurations.



CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218