This lesson provides an overview and explanation of security contexts. A
single PIX Security Appliance can be partitioned into multiple virtual
firewalls, known as security contexts. Each context is an independent firewall,
with its own security policy, interfaces, and administrators. Multiple contexts
are similar to having multiple stand-alone firewalls. This module continues
with a discussion of configuring and managing security contexts.
A firewall system that is working properly provides network protection against
many threats. What happens when the firewall loses power or suffers some other
problem? Is network protection to be sacrificed in order to preserve
network availability, or should the network be protected by cutting links until
the problem is fixed? Fortunately, these situations can be avoided by
establishing failover protection to keep the system going in the event of a
firewall failure.
Students will be introduced to the two methods of PIX
Security Appliance failover. These methods are hardware failover and stateful
failover. Instructions will be given on how to configure each one of these in a
network environment.
This module also provides a discussion of
transparent firewall mode. A transparent firewall is a Layer 2 firewall that is
not seen as a router hop to connected devices. Because the PIX Security Appliance is not
a routed hop, a transparent firewall can easily be introduced into an existing
network.
The last topic covered in this module is PIX Security Appliance
management. This topic includes conducting system management via remote access,
configuring a PIX Security Appliance to support command authorization, and
performing image and activation key upgrades on PIX Security Appliances.
Password recovery is important for the PIX Security Appliance, and instructions
for performing it are included. Instructions for image upgrades are included as
well.
NOTE:
It is required that the student study the commands covered in the
chapter using the labs and the Command Reference. Not all required commands are
covered in sufficient detail in the text alone. Successful completion of this
course requires a thorough knowledge of command syntax and application.