Overview

This lesson provides an overview and explanation of security contexts. A single PIX Security Appliance can be partitioned into multiple virtual firewalls, known as security contexts. Each context is an independent firewall, with its own security policy, interfaces, and administrators. Multiple contexts are similar to having multiple stand-alone firewalls. This module continues with a discussion of configuring and managing security contexts.

A properly working firewall system protects the network against many threats. What happens when the firewall loses power or suffers some other problem? Is network protection to be sacrificed in order to preserve network availability, or should the network be protected by cutting links until the problem is fixed? Fortunately, these situations can be avoided by establishing failover protection to keep the system going in the event of a firewall failure.

Students will be introduced to the two methods of PIX Security Appliance failover. These methods are hardware failover and stateful failover. Instructions will be given on how to configure each one of these in a network environment.

This module also provides a discussion of transparent firewall mode. A transparent firewall is a Layer 2 firewall that is not seen as a router hop to connected devices. Because the PIX Security Appliance is not a routed hop, a transparent firewall can easily be introduced into an existing network.

The last topic covered in this module is PIX Security Appliance management. This topic includes conducting system management via remote access, configuring a PIX Security Appliance to support command authorization, and performing image and activation key upgrades on PIX Security Appliances. Password recovery is important to the PIX Security Appliance, and instructions for performing it are included. Instructions for image upgrade are included as well.

NOTE:

It is required that the student study the commands covered in the chapter using the labs and the Command Reference. Not all required commands are covered in sufficient detail in the text alone. Successful completion of this course requires a thorough knowledge of command syntax and application.