Designing and Building Enterprise DMZs

PIX/ASA Firewall Design and Configuration Checklist

Use this checklist in designing and configuring your PIX firewall:

  1. Gather DMZ requirements.

  2. Design the DMZ environment to the specification of the requirements.

  3. Select one of the five PIX or four ASA firewall chassis.

  4. Select the optional components of the PIX/ASA firewall.

  5. Select the correct PIX/ASA OS license (Restricted, Unrestricted, Failover, and Failover Active/Active).

  6. Optionally, select an encryption license (DES and 3DES).

  7. Configure the PIX/ASA s console and terminal interfaces.

  8. Set security levels on the PIX/ASA interfaces.

  9. Set IP addresses and speed/duplex settings on the active interfaces.

  10. Configure outbound NAT statements.

  11. Configure inbound NAT statements.

  12. Configure outbound access rules controlling access from internal resources to specific resources on the Internet or other less secure interfaces.

  13. Configure inbound access rules controlling access to resources on the DMZ. Remember to be as specific as possible.

  14. Configure static or dynamic routing.

  15. Should high availability be required, configure the failover or stateful failover feature.

  16. If required, configure URL filtering, cut-through proxy, application inspection, and intrusion detection.

  17. Lock down SNMP and NTP.

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Network Firewalls
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.