PIX Firewalls

NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
Although they aren't mentioned on the blueprint for the CCIE Security how relevant to you think that PIX is to the exam? I know that ASA has mostly taken its place today but don't people still use them in the real world (isn't it a good practice to have an understanding of legacy systems and how they work)?

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    I think there's usually a discrepancy between what's necessary for a cert and what's necessary in the real-world ;)
  • TurgonTurgon Banned Posts: 6,308 ■■■■■■■■■□
    Although they aren't mentioned on the blueprint for the CCIE Security how relevant to you think that PIX is to the exam? I know that ASA has mostly taken its place today but don't people still use them in the real world (isn't it a good practice to have an understanding of legacy systems and how they work)?

    I will be dipping my feet back into the PIX world soon enough. Not for the lab but for work. PIX isn't very difficult to use but like anything else you need to put some time in. Should PIX surface in my work I will be expected to be an ace with it ;) About 6 years ago I ran into one and problems with an interconnection between a hosted environment and a customer. My firewall experience was checkpoint and although fresh to PIX I managed to configure it by command line. Things didn't work out and in a call with the admin at the other side he was put off by my not using PDM to configure and assumed I didn't know what I was doing. He was right in one sense. After numerous complaints the connection magically worked a couple of days of whining later. I guess he forgot to configure something his side ;)
  • SysAdmin4066SysAdmin4066 Member Posts: 443
    Real world for sure. I've worked with a few ASAs but mostly it's been PIX. And PIX and ASA syntax is different enough to warrant some confusion on certain commands. I would definitely learn PIX as well as ASA.
    In Progress: CCIE R&S Written Scheduled July 17th (Tentative)

    Next Up: CCIE R&S Lab
  • apd123apd123 Member Posts: 171
    Real world for sure. I've worked with a few ASAs but mostly it's been PIX. And PIX and ASA syntax is different enough to warrant some confusion on certain commands. I would definitely learn PIX as well as ASA.

    This is really only true of legacy PIX OS. I just did a cutover from a PIX pair running 8.0 to an ASA pair running 8.2 and other than changing half a dozen lines like ethernet 0 to ethernet 0/0 the config pasted right in.
  • tierstentiersten Member Posts: 4,505
    I think it would still be useful. There are plenty of old PIX boxes lurking in businesses everywhere. If you can configure the latest/greatest ASA then you shouldn't have too much trouble in working out the differences between 8.x and older releases.

    If you're looking to buy a Cisco firewall for lab usage then something like the PIX 515e or PIX 525 would probably be better than a new ASA. The ASAs only run PIX OS 7.x and above. If you want anything older then you need a PIX and of those, the larger/newer models like the 515e and 525 will also run the latest PIX OS 8.x.

    PEMU will run PIX OS but there are/were some issues regarding transparent mode and a few other things the last time I checked.
  • CCIE-4-HIRECCIE-4-HIRE Member Posts: 59 ■■□□□□□□□□
    PIX is cheaper than ASA and 90% of everything is mostly the same. The ASA is more IOS-like. There are differences like nat-control default bahavior, inspection rules, and even some minor vpn stuff, and well lots of things, but the core items are mostly the same. ACLs, Policy Nat, Security Levels, etc. The same. You can't go wrong with learning version 6.3.5 or better yet 7.x.x
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    A PIX running 7.2 +, or 8.0x will get you 95% or so of what you can do with an ASA for lab purposes.
    Having some knowledge of 6.x is handy for migrations but you will rarely see it in production.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
Sign In or Register to comment.