Common practice? 831 SOHO then PIX 501 for inside LAN?

itdaddy · April 2008

hey gurus

i am changing my home linksys/belarc wifi router to a pix 501/831 soho architecture.

what do you think.. I have heard both sides but am confused. Ithink I should
set the PIX 501 behind the 830 soho, so to have the 831 soho facing the ISP gateway.
and accept DHCP IP from its DHCP server.

so what confuses me is this. Do i leave the gateway 831 firewall off? and just leave as a
gateway easy interface setup with DHCP on WAN side and Static LAN ip on the private side facing the PIX501 port? and then config firewall on PIX501? I have seen this on Cisco site why can't I just forget the 831 SOHO and connecto WAN side to firewall (or vice versa.) or what is the reason to have FWL -> SOHO? Isnt it a wast of resources or is it a layered security approach??
thanks

itdaddy · April 2008

what 72 views and did i asks this question before? is that why no response

both have firewalls built in and well i have seen cisco have this kind of setup
to me it is waste of router since the pix has a 4 port lan side ports?
okay i will just do it and work it! thought you guys could give meyour advice

thanks anyways

mikej412 · April 2008

itdaddy wrote:

i have seen cisco have this kind of setup

Does the firewall have a WAN interface?

If the firewall doesn't have a WAN interface that you need, then you use a router that supports that WAN interface in front of the firewall.

You may also have a router in front of a firewall if you also have a dedicated VPN Concentrator -- and you want VPN traffic to go one way and the rest of the traffic go to/through the firewall.

But it can also be a matter of personal preference. Some people like the security of a belt and suspenders. And someone else might think its cool to have their saggy baggy pants hanging down showing the world their underwear.

Do you gain anything by having 2 devices? Each additional device is another bump in the wire that could add some delay and/or latency to your connection.

itdaddy · April 2008

But it can also be a matter of personal preference. Some people like the security of a belt and suspenders. And someone else might think its cool to have their saggy baggy pants hanging down showing the world their underwear.

oh my god dude is that funny or show the world their crack! haahahha i am not from that era
showing my skibbies my 16 year old son is.haahaha i laugh every time and tell him i can see
his poop! fix those pants! i tell him.....

yeah the pix has a WAN....i do like the IOS on the soho better..though pix ios is somewhat similar. I might just config both for experience but eventually use the soho 831 in front for the main fwl and protection..maybe an inside and outside firewall setup

thanks a lot big guy!

Robert

mikej412 · April 2008

mikej412 wrote:

If the firewall doesn't have a WAN interface that you need

I'm talking about real world WAN Interfaces.... not the dinky Ethernet port labeled WAN on a dinky home router

You can check out the Internetworking Technology Handbook for a greater selection of WAN Technologies that you may find in front of a Firewall in a business environment, not a home/soho environment.

If you have Cable/DSL, LRE, or Metro Ethernet -- the dinky Ethernet interface on the firewall may be enough -- if it supports the QoS you may need to implement.

itdaddy · May 2008

great thanks

yeah i do not like the linksys or belarc crap that is hwy i am pushing my home network
to pix then 831 soho behind it

Common practice? 831 SOHO then PIX 501 for inside LAN?

Comments