
© 2001, Cisco Systems, Inc. CSPFA 2.0—16-1 Chapter 16 Cisco PIX Device Manager.


1 Chapter 16 Cisco PIX Device Manager

2 Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
– Describe the PDM and its capabilities.
– Describe PDM’s browser and PIX Firewall requirements.
– Prepare the PIX Firewall to use PDM.
– Navigate the PDM configuration windows.

3 Objectives (cont.)
– Describe other tools that PDM provides.
– Install PDM.
– Configure inside to outside access through the PIX Firewall using PDM.
– Configure outside to inside access through the PIX Firewall using PDM.
– Test and verify PDM functionality.

4 PDM Overview

5 What Is PDM?
PDM is a browser-based configuration tool designed to help configure and monitor your PIX Firewall.
[Figure labels: Internet; SSL Secure Tunnel]

6 PDM Features
– Works with PIX Firewall software versions 6.0 and higher
– Can operate on PIX Firewall models 506, 515, 520, 525, and 535
– Implemented in Java to provide robust, real-time monitoring
– Runs on a variety of platforms
– Does not require a plug-in software installation
– Comes preloaded into Flash memory on new PIX Firewalls running versions 6.0 and higher
– For upgrading from a previous version of PIX Firewall, it can be downloaded from Cisco and then copied to the PIX Firewall via TFTP
– Works with SSL to ensure secure communication with the PIX Firewall

7 PDM Limitations
– PDM does not currently support the VPN and IPSec commands, specifically:
  – ca
  – crypto
  – ip local pool
  – vpdn
– The isakmp identity command is supported for use with the SSL feature of PDM.

8 PDM Operating Requirements

9 PDM’s PIX Firewall Requirements
A PIX Firewall must meet the following requirements to run PDM:
– You must have version 6.0 installed on the PIX Firewall before using PDM. If you are using a new (version 6.0) PIX Firewall, you have all the requirements.
– You must have an activation key that enables DES or the more secure 3DES, which PDM requires for support of the SSL protocol.
– You must have at least 8 MB of Flash memory on the PIX Firewall.
– Ensure that your configuration is less than 100 KB (approximately 1500 lines). Configurations over 100 KB cause PDM performance degradation.

10 PDM’s Browser Requirements
To access PDM from a browser, you must meet the following requirements:
– JavaScript and Java must be enabled.
– Browser support for SSL must be enabled.

11 Supported Platforms
– Windows
– SUN Solaris
– Linux

12 Prepare for PDM

13 PDM Configuration Tasks
Before you can use or install PDM, you need to enter the following information on the PIX Firewall via a console terminal:
– Password
– Time
– Inside IP address
– Inside network mask
– Hostname
– Domain name
– IP address of host running the PDM
You must also enable the HTTP server on the PIX Firewall.
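
A preflight check for the configuration tasks on slide 13 and the 100 KB configuration limit on slide 9, added here as an example that is not part of the original slides. The sample configuration, its addresses and names, and the function name pdm_preflight are constructed; the command forms are PIX 6.x CLI syntax that the slides do not show, "Password" is assumed to mean the enable password, and the time setting is assumed to be checked separately because it is not stored in the configuration.

```python
import ipaddress
import re

# Constructed sample configuration for pod P=1 (not from the original slides).
SAMPLE_CONFIG = """\
enable password CONSTRUCTEDHASH encrypted
hostname pix1
domain-name example.com
ip address outside 192.168.1.2 255.255.255.0
ip address inside 10.0.1.1 255.255.255.0
http server enable
http 10.0.1.3 255.255.255.255 inside
"""

MAX_CONFIG_BYTES = 100 * 1024  # slide 9: keep the configuration under 100 KB


def pdm_preflight(config_text):
    """Return a list of unmet PDM prerequisites (empty list means ready)."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    problems = []

    def first(pattern):
        # First line that matches the pattern in full, or None.
        return next((m for m in (re.fullmatch(pattern, ln) for ln in lines) if m), None)

    if len(config_text.encode()) >= MAX_CONFIG_BYTES:
        problems.append("configuration is 100 KB or larger")
    if not first(r"enable password \S+( encrypted)?"):
        problems.append("no enable password")
    if not first(r"hostname \S+"):
        problems.append("no hostname")
    if not first(r"domain-name \S+"):
        problems.append("no domain name")
    if "http server enable" not in lines:
        problems.append("HTTP server not enabled")

    inside = first(r"ip address inside (\S+) (\S+)")
    if not inside:
        problems.append("no inside IP address and mask")
        return problems
    inside_net = ipaddress.ip_network("/".join(inside.groups()), strict=False)
    # Hosts allowed to reach PDM: 'http <ip> <mask> inside' entries.
    hosts = [re.fullmatch(r"http (\S+) (\S+) inside", ln) for ln in lines]
    allowed = [ipaddress.ip_network("/".join(m.groups()), strict=False) for m in hosts if m]
    if not any(net.subnet_of(inside_net) for net in allowed):
        problems.append("no http entry limited to a host or subnet on the inside network")
    return problems
```
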

14 Using PDM

15 Startup Wizard
The PDM Startup Wizard enables you to easily perform basic configuration of the PIX Firewall.

16 Overall Layout
PDM consists of five major configuration areas:
– Access rules
– Translation rules
– Hosts or networks
– System properties
– Monitoring

17 Access Rules
The Access Rules tab shows your entire network security policy.

18 Access Rule Types
There are three rule types on the Access Rules tab:
– Access Rules
– AAA Rules
– Filter Rules

19 Translation Rules
The Translation Rules tab enables you to view all the address translation rules applied to your network.

20 Manage Global Address Pools
In the Manage Global Address Pools window, you can view, define new, or delete existing global address pools used in dynamic NAT rules.

21 Hosts and Networks
On the Hosts/Networks tab you can view, edit, add to, or delete from the list of hosts and networks defined for the selected interface.

22 Create Host and Networks
Within basic information of the Create host/network window, you specify values for the IP address, netmask, interface, and name of a host or network.

23 System Properties
On the System Properties tab, you can configure the following:
– Interfaces
– Failover
– Routing
– DHCP servers
– PIX administration
– Logging
– AAA
– URL filtering
– Intrusion detection

24 Interface Panel
The Interfaces panel enables you to enable, disable, and edit the configuration of network interfaces.

25 Monitoring
The Monitoring tab enables you to access the various monitoring features of PDM.

26 Interface Graphs Panel
The Interface Graphs panel enables you to monitor per-interface statistics, such as packet counts and bit rates, for each enabled interface on the PIX Firewall.

27 Other Tools

28 Command Line Interface
This panel provides a text-based tool for sending CLI commands to the PIX Firewall and displaying responses.

29 Ping Tool
This panel provides a ping tool which is useful for verifying the configuration and operation of a PIX Firewall and surrounding communications links, as well as the basic testing of other network devices.

30 Preview Command Tool
The Preview Commands Before Sending to PIX option enables you to preview any proposed configuration changes to the PIX Firewall before they are applied.

31 Summary

32 Summary
– PDM is a browser-based tool used to configure your PIX Firewall.
– PDM does not currently support VPN and IPSec commands.
– Minimal setup on the PIX Firewall is required to run PDM.
– PDM contains several tools in addition to the GUI to help configure your PIX Firewall.

33 Lab Exercise

34 Lab Visual Objective
[Figure: lab topology diagram. Labels in the figure: Inside host running PDM in browser; Pod perimeter router; PIX Firewall; interfaces e0 outside, e1 inside, e2 dmz; networks 192.168.P.0/24, 10.0.P.0/24, 172.16.P.0/24; Internet; Bastion host, web, and FTP server; Backbone, web, FTP, and TFTP server; address 172.30.1.50; host octets .1, .2, .3.]

