That is a secure setup, about as secure as PIX can make for. To go any
more on that setup, running a firewall behind the pix would be necessary, and
even then that wouldnt help TOO much, so... ;-) IMHO Thats a pretty good setup,
just keep abreast of Cisco Field Notices on the PIX software and all.
Happy New Year,
+----Daniel "Cheez" Brown------------Global Data Systems-------+
| http://cheez.lowprofile.net | Security Advisor, Global Reach |
| cheez @
net | Cisco Systems WAN Specialist |
| UNIX/Linux/HP-UX specialist | Remote Management Specialist |
| If at first you don't succeed, redefine success. |
| Contrary to popular opinion, UNIX is user friendly. It just |
+-happens to be very selective about who it makes friends with.+
On Tue, 30 Dec 1997, Milton Shomo wrote:
> Hi gang-
> I would like to get some comments on how secure the following
> arrangement is:
> INTERNET- - - - -> Cisco PIX Firewall - - - - -> Web server running on NT40 and IIS 3.0
> The PIX is setup to deny all inbound traffic except what I expressly allow.
> The firewall is doing NAT from our Internet IPs to our private IPs. I have created
> a conduit allowing outside traffic to the Web server but only to tcp port 80.
> There are no other Internet services running on the Web server box.
> Milton Shomo, CNE