Scale PIX Firewall VPNs
The Cisco Secure PIX Firewall's support for the IETF IPSec
standard allows an organization to scale its VPNs with much lower administrative
costs. IPSec's use of public keys administered by a certificate authority (CA), a
third party that registers and vouches for public keys, allows for tremendous
flexibility and scalability as the network evolves.
Basic PIX Firewall features that further enhance the scalability
of the network security strategy include NAT/PAT, extensive protocol support
such as PPPoE and DHCP, the variety of interface NICs that support various
connectivity solutions, and the PIX Firewall series' capability to support from
64,000 to 256,000 simultaneous connections. This strategy protects the
organization's investment in security technology.
Network Management Options
PIX Firewalls with VPN support are incorporated into several
Cisco network management software solutions. Some of the key examples are
introduced in the next paragraphs.
CiscoWorks VPN/Security Management Solution (VMS)
CiscoWorks VPN/Security Management Solution (VMS) is Cisco’s
flagship integrated security management solution, which provides web-based tools
for configuring, monitoring, and troubleshooting enterprise VPNs, PIX, and IOS
firewalls, along with network and host-based intrusion detection systems (IDS).
CiscoWorks VMS is an integral part of the SAFE strategy for network security.
A key component of CiscoWorks VMS is the CiscoWorks Management
Center for PIX Firewalls and Auto Update Server Software that provides
unprecedented manageability for the PIX Firewall devices. The Management Center
maintains the Web-based “look and feel” of its smaller cousin, the Cisco PIX
Device Manager, but provides centralized management scalability for up to 1,000
Cisco PIX Firewalls.
CiscoWorks VMS is composed of a series of tools that reside
on a network management server (or servers), such as Windows 2000 Professional
or Server.
Cisco Secure Policy Manager (CSPM)
With Cisco Secure Policy Manager (CSPM), it's possible to
configure, manage, and monitor any Cisco Systems security network end to end.
CSPM is a policy-based product that allows abstracting the
complexities of security networking to create high-level security policies,
which are independent of underlying device platforms and software releases. CSPM
is Cisco’s strategic security management platform for Cisco Secure PIX
Firewalls, Cisco Secure IOS Firewalls, Cisco IOS VPN routers, and Cisco Secure
Intrusion Detection System (IDS) sensors.
CSPM provides the following benefits:
- Time savings using a configuration GUI
- Centralized configuration and monitoring of remote security devices
- Enhanced scalability by using policy inheritance
- Easy security device monitoring with e-mail notification and basic reports
Latest versions of CSPM can be installed on systems running
Windows 2000 Professional or Windows 2000 Server with at least Service Pack 2.
Earlier versions support Windows NT 4.0 with Service Pack 6a. The GUI in
client/server installations can be installed on Windows 95, 98, 2000, and NT 4.0
systems. Report viewing is available through Netscape or Microsoft web browsers
using Secure Socket Layer (SSL).
Cisco PIX Device Manager
The Cisco PIX Device Manager (PDM) is a browser-based tool for
configuring and monitoring the PIX Firewall. It is particularly useful for
administrators who lack a solid knowledge of the PIX Firewall command-line
interface (CLI). Because PDM is launched from a web browser, an administrator can
configure and monitor multiple PIX Firewall units from a single workstation.
Figure 21-3 shows the System Properties page of the PDM.
PDM facilitates configuring the PIX Firewall unit using a
Windows-like interface with drop-down menus and browser features; the settings
chosen there are converted internally to the correct CLI commands for the PIX
unit to process. PDM performs the following functions.
Configuration wizards, such as the Startup Wizard and VPN Wizard,
provide step-by-step instructions through otherwise complex configuration
tasks.
PDM monitoring features include real-time graphs and data,
including connection, IDS, and throughput information for the selected PIX
Firewall. You can view up to five days of historical data. The tabbed-page
graphical interface with Windows Explorer–like controls on the left side makes
it easy to check the setting, configuration, or performance.
The PIX Device Manager is covered in greater detail in the next
chapter.