Managing and Maintaining the PIX Firewall Review

This chapter looked at the Cisco PIX Device Manager (PDM) as a graphical interface tool to facilitate configuration and monitoring one or more PIX Firewalls. While particularly useful for those administrators who lack a solid knowledge of the PIX Firewall command-line interface (CLI), the PDM is an easy tool for any administrator to use to access most of the PIX functionality.

PDM monitoring features include real-time graphs and data, including connection, IDS, and throughput information for the selected PIX Firewall. You can view up to five days of historical data. The tabbed-page graphical interface with Windows Explorer-like controls on the left side makes it easy to check setting, configuration, or performance.

PDM v2.1, which runs on any PIX Firewall supporting the v6.2 operating system, added two wizards to greatly simplify the basic PIX Firewall setup, as well as both site-to-site and remote access VPN connections.

The failover features are available on the larger PIX devices to provide rapid and reliable redundancy. The two units that make up a failover pair must be physically identical. After configuring the primary unit, the standby will receive the configuration, making it identical to the primary right down to the IP and MAC addresses. Each time the primary boots up, the configuration is copied to the standby unit, or a write standby command can be used to accomplish the same thing.