Cisco Pix 520 - pix firewall 520 Reference guide

Index

Glossary

About PDM - New for PDM 1.1

PDM Icon Legend

Getting Started

Applying Configuration Changes in PDM

Refresh

More about Internet Protocol (IP)

Unsupported Commands

Help Topics by Location

Access Rules

Translation Rules

Hosts/Networks

System Properties

Monitoring

Menus

Additional Resources

Top Security Resources

PIX Firewall Documentation

Cisco Technical Assistance Center>PIX Firewall

PIX Firewall Top Issues

PIX Firewall Product Literature

This topic includes the following sections:

Introduction●

About PDM Software●

System Requirements●

Introduction

Cisco PIX Device Manager (PDM) is the graphical user interface (GUI) for configuring and monitoring the Cisco

PIX Firewall.

PDM is available on all PIX 501, PIX 506, PIX 515, PIX 520, PIX 525, and PIX 535 platforms that are running

PIX Firewall software version 6.0 or higher.

PDM is designed to assist you in managing your network security. For example, PDM does the following:

Helps you configure your PIX Firewall using visual tools like task-oriented selections and drop-down

menus.

●

Sends PIX Firewall command-line interface (CLI) commands to the PIX Firewall unit for you.●

Enables you to visually monitor your PIX Firewall system, connections, IDS, and traffic on the interfaces.●

Can create new PIX Firewall configurations or modify existing configurations that were originally

implemented using the PIX Firewall CLI or Cisco Secure Policy Manager (Cisco Secure PM).

●

Monitors and configures one PIX Firewall unit at a time, but you can point your browser to more than one

PIX Firewall unit and administer several PIX Firewall units from a single workstation.

●

Runs on platforms that support Java and does not require a separate plug-in. (The PDM applet uploads to

your workstation when you point your browser at the PIX Firewall.)

●

Uses Secure Socket Layer (SSL) to secure communication between itself (PDM) and the PIX Firewall and

is a signed applet.

●

About PDM Software

If your PIX Firewall unit is new and shipped with PIX Firewall software version 6.0 or higher, the PDM software

is already loaded in the PIX Firewall Flash memory for you.

If you are upgrading from a previous version of PIX Firewall, you need to use TFTP from the PIX Firewall to

copy the PDM image to your PIX Firewall. For instructions on how to do this, refer to the PDM Installation

Guide and Using a TFTP Server.

Note If using PDM with an existing PIX Firewall configuration, refer to "PDM Support for PIX Firewall CLI

Commands," for information on which commands are supported and which are not.

System Requirements

This section includes the following topics:

PIX Firewall Requirements●

Browser Requirements●

PC/Workstation Requirements●

PIX Firewall Requirements

Caution The PIX Firewall must have PIX Firewall software version 6.0 or higher installed and running

for PDM to run. PDM does not run with earlier PIX Firewall software versions

If you are using a PIX Firewall already running PIX Firewall software version 6.0 or higher, then you have

already met all the requirements to run PDM that are discussed in "PIX Firewall Requirements"and can continue

to the "Browser Requirements" section. For example, PIX Firewall units that contain

PIX Firewall software version 6.0 or higher ship with a pre-installed DES activation key.

Otherwise, a PIX Firewall unit must meet the following requirements to successfully install and run PDM:

You must have an activation key that enables Data Encryption Standard (DES) or the more secure 3DES,

which PDM requires for support of the Secure Socket Layer (SSL) protocol.

●

If your PIX Firewall is not enabled for DES, you can have a new activation key sent to you by completing

the form at the following website:

http://www.cisco.com/kobayashi/sw-center/internet/pix-56bit-license-request.shtml

●

Verify that your PIX Firewall meets all PIX Firewall software version 6.0 requirements listed in the

Release Notes for the Cisco Secure PIX Firewall Version 6.0(1) or higher. You must have version 6.0

installed on the PIX Firewall unit before using PDM. You can download version 6.0 and the PDM software

from the following website: http://www.cisco.com/cgi-bin/tablebuild.pl/pix

●

You must have at least 8 MB of Flash memory on the PIX Firewall unit.●

Ensure that your configuration is less than 100 KB (approximately 1500 lines). Configurations over 100

KB cause PDM performance degradation. You can view the size of your configuration with the CLI show

flashfs command as the length for "file 1."

●

Browser Requirements

The following are required to access one or more PIX Firewall units through PDM:

A JavaScript and Java enabled browser running JDK 1.1.4 or higher. If these are not enabled in the

browser, PDM guides you on how to enable them. To check which version you have, launch PDM. When

the PDM information window appears, the field "JDK Version" indicates your JDK version. If you have an

older JDK version, you can get the latest JVM from Microsoft by downloading the product called "Virtual

Machine."

●

Browser support for Secure Socket Layer (SSL) must be enabled. The supported versions of Internet

Explorer and Netscape Navigator support SSL without requiring additional configuration.

Note PIX Firewall software version 6.0 supports SSL 2.0, SSL 3.0, and TLS 1.0 in web browsers. PIX

Firewall supports all browser encryption levels.

●

PC/Workstation Requirements

PDM has different requirements depending on the platform from which you access it.

PDM is not supported for use on computers equipped with the Macintosh, Windows 3.1, or Windows 95

operating systems.

This section includes the following topics:

Windows Requirements●

SUN Solaris Requirements●

Linux Requirements●

Windows Requirements

The following requirements apply to the use of PDM with Windows. PDM does not support use on

Windows 3.1 or Windows 95.

●

Windows 2000 (Service Pack 1), Windows NT 4.0 (Service Pack 4 and higher), Windows 98, or Windows

ME.

●

Supported browsers: Internet Explorer 5.0 (Service Pack 1) or higher (5.5 recommended), Netscape

Communicator 4.51 or higher (4.76 recommended). We recommend Internet Explorer on Windows as

PDM may load faster into this browser on this operating system.

●

Any Pentium or Pentium-compatible processor running at 350 MHz or higher.●

At least 128 MB of random-access memory (RAM). We recommend 192 MB or more.●

An 800 x 600 pixel display with at least 256 colors. We recommend a 1024 x 768 pixel display and at least

High Color (16-bit) colors.

Note The use of virus checking software may dramatically increase the time required for PDM to start.

This is especially true for Netscape Communicator on any Windows platform or Windows 2000 running

any browser.

●

SUN Solaris Requirements

The following requirements apply to the use of PDM with Sun SPARC:

Sun Solaris 2.6 or later running CDE or OpenWindows window manager.●

SPARC microprocessor.●

Supported browser: Netscape Communicator 4.51 or higher (4.76 recommended).●

At least 128 MB of random-access memory (RAM).●

An 800 x 600 pixel display with at least 256 colors. We recommend a 1024 x 768 pixel display and at least

High Color (16-bit) colors.

●

Note PDM does not support Solaris on IBM PC

Linux Requirements

The following requirements apply to the use of PDM with Linux:

Red Hat Linux 7.0 running the GNOME or KDE 2.0 desktop environment.●

Supported browser: Netscape Communicator 4.75 or later version.●

At least 64 MB of random-access memory (RAM).●

An 800 x 600 pixel display with at least 256 colors. We recommend a 1024 x 768 pixel display and at least

16-bit colors.

●

A-D

AAA—Authentication, Authorization, and Accounting. See also TACACS+, RADIUS

Access Control, Access Control Rule, ACE—Information entered into the configuration which allows you to

specify what type of traffic to permit or deny into an the interface. By default, traffic that is not explicitly

permitted is denied.

ACL—Access Control List. A collection of Access Control Entries. An access list allows you to specify what

type of traffic to allow into an interface. By default, traffic that is not explicitly permitted is denied. See also Rule

ActiveX—A set of object-oriented programming technologies and tools used to create mobile or portable

programs. An ActiveX program is roughly equivalent to a Java applet.

Address Translation—The translation of a network address and/or port to another network address/or port.. See

also IP Address, NAT, PAT, Static PAT, Interface PAT.

A record address—"A" stands for address, and refers to name-to-address mapped records in DNS.

ARP—Address Resolution Protocol—A low-level TCP/IP protocol that maps a node's hardware address (called a

"MAC" address) to its IP address.

ASA—Adaptive Security Algorithm. Allows one-way (inside to outside) connections without an explicit

configuration for each internal system and application.

Cache—A temporary repository of information accumulated from previous task executions that can be reused,

decreasing the time required to perform the tasks.

CLI—Command Line Interface. The primary interface for entering configuration and monitoring commands to

the PIX Firewall. Refer to the Configuration Guide for the Cisco Secure PIX Firewall Version x.x for information

on what commands you can enter from the CLI.

Cookie—A cookie is a web browser feature which stores or retrieves information, such as a user's preferences, to

persistent storage. In Netscape and Internet Explorer, cookies are implemented by saving a small text file on your

local hard drive. The file can be loaded the next time you run a Java applet or visit a website. In this way

information unique to you as a user can be saved between sessions. The maximum size of a cookie is

approximately 4KB.

Client/server computing—Term used to describe distributed computing (processing) network systems in which

transaction responsibilities are divided into two parts: client (front end) and server (back end). Also called

distributed computing. See also RPC.

Conduit—An exception to the PIX Firewall Adaptive Security Algorithm permitting connections from external

to internal networks. Refer to the Configuration Guide for the Cisco Secure PIX Firewall Version x.x for

information on conduits.

Configuration, Config, Config File—The PIX Firewall file which represents the equivalent of settings,

preferences, and properties administered by PDM or the CLI. See also Configuration File Terminology.

CSPM—Cisco Secure Policy Manager (CSPM) is a multi-device management tool for Cisco security products

including PIX firewalls, Cisco IOS firewalls, VPN routers and Intrusion Detection System (IDS) Sensors. CSPM

also provides other management services including monitoring, notification and reporting. For more information,

see http://wwwin.cisco.com/cmc/cc/pd/sqsw/sqppmn/prodlit/csp22_rg.htm . Caution: CSPM operates on the

assumption that it is the only management interface for the PIX, and it will overwrite configuration changes made

through other means, including PDM. See CSPM and PDM in Applying Configuration Changes for additional

information.

Cut-Through Proxies—User-based authentication of inbound or outbound connections. Allows security policies

to be enforced on a per-user-ID basis, providing faster traffic flow after authentication.

DHCP—Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses to hosts

dynamically, so that addresses can be reused when hosts no longer need them.

DMZ—See Interface

DNS—Domain Name System (or Service). An Internet service that translates domain names, which are

alphabetic, into IP addresses, which are composed of numbers.

Dynamic PAT, NAT—See NAT, PAT, Address Translation.

E-H

ECHO—See Ping, ICMP. See also Fixup.

Failover, Failover mode—The PIX Firewall feature which links a primary unit and standby (or secondary) unit

together, sharing the same configuration file, so that, if the primary fails, the standby unit can continue to provide

network services. See also System Properties>Failover.

Fixup—A procedure the PIX Firewall employs to process certain application-level protocols. The specific

processing performed by a Fixup will vary by protocol, and can include tasks such as translating IP addresses

embedded in the protocol payload and providing access through the PIX Firewall for dynamically-created data

sessions.

Flash, Flash memory—A memory chip which retains data without power. A type of nonvolatile storage device.

The PIX Firewall configuration may written to its internal Flash by a menu item or . Note: Not related to

Macromedia Flash, a web animation plug-in and file format standard.

FragGuard feature—a Cisco feature that provides IP fragment protection and performs full reassembly of all

ICMP error messages and virtual reassembly of the remaining IP fragments that are routed through the PIX

Firewall.

FTP—File Transfer Protocol. Part of the TCP/IP protocol stack, used for transferring files between hosts. See

also Fixup.

H.323—A standard that enables video conferencing over local-area networks (LANs) and other packet-swiched

networks, as well as video over the Internet. See also Fixup.

Host—A computer, such as a PC, or other computing device, such as a server, associated with an individual IP

address and optionally a name. The name for any device on a TCP/IP network that has an IP address. In PIX

Firewall configuration, a host is distinguished from a network. Also any network-addressable device on any

network. The term "node" includes devices such as routers and printers which would not normally be called

"hosts".

Host/Network—An IP address and mask (or netmask) used with other information to identify a single host or

network subnet for PIX Firewall configuration, such as an address translation (xlate) or access control rule

(ACE).

HTTP, HTTPS—Hypertext Transfer Protocol, Hypertext Transfer Protocol, Secure. The protocol used by Web

browsers and Web servers to transfer files, such as text and graphic files. See also Fixup.

I-L

ICMP—Internet Control Message Protocol. Network layer Internet protocol that reports errors and provides other

information relevant to IP packet processing.

Implicit Rule—An Access Rule automatically created by the PIX Firewall based on default rules or as a result of

user-defined rules.

Inside—See Interface.

Interface, Interface Name—The physical connection between a particular network and a PIX Firewall. The

inside interface default name is "inside" and the outside interface default name is "outside." Any perimeter

interface default names are "intfn," such as "intf2" for the first perimeter interface, "intf3" for the second

perimeter interface, and so on to the last interface. The numbers in the intf string corresponds to the interface

card's position in the PIX Firewall. You can use the default names or, if you are an experienced user, give each

interface a more meaningful name.

Interface Names—Human readable name assigned to a PIX Firewall network interface, a physical network

connector. These names are customary and referenced by PIX Firewall documentation:

inside—The first interface, usually port 1, which connects your internal, "trusted" network protected by

your PIX Firewall.

●

outside—The first interface, usually port 0, which connects to other "untrusted" networks outside your PIX

Firewall; the Internet.

●

intfn—Any interface, usually beginning with port 2, which connects to a subset network of your design

that you can custom name and configure, for example, dmz to be an "inside" or "outside" type.

●

Interface PAT—The use of Port Address Translation where the PAT IP address is also the IP address of●

the outside interface. See PAT.

Internet—The global network which uses IP, Internet protocols. Not a LAN. See also intranet.

Intranet—Intranetwork. A LAN which uses IP, Internet protocols. See also network, Internet.

IP—Internet Protocol. The Internet protocols are the world's most popular open-system (nonproprietary) protocol

suite because they can be used to communicate across any set of interconnected networks and are equally well

suited for LAN and WAN communications.

IP Address—IP version 4 addresses are 32-bits, or 4 bytes, in length. This address "space" is used to designate

the following:

network number●

optional subnetwork number●

a host number●

The 32 bits are grouped into four octets (8 binary bits), represented by 4 decimal numbers separated by periods or

"dots". The meaning of each of the four octets is determined by their use in a particular network.

LAN—Local Area Network. A network residing in one location or belonging to one organization, typically, but

not necessarily using the Internet protocols. Not the global Internet. See also intranet, network, Internet.

M-P

Mask, IP Subnet Mask, Netmask, —A 32-bit bit mask which shows how an Internet address is to be divided

into network, subnet and host parts. The netmask has ones in the bit positions in the 32-bit address which are to

be used for the network and subnet parts, and zeros for the host part. The mask should contain at least the

standard network portion (as determined by the address's class), and the subnet field should be contiguous with

the network portion. See also IP Address, TCP/IP, host , host/network.

NAT—Network Address Translation. Mechanism for reducing the need for globally unique IP addresses. NAT

allows an organization with addresses that are not globally unique to connect to the Internet by translating those

addresses into globally routable address space. There are two types of NAT—static and dynamic. See also, PAT,

Static PAT.

Netmask—See Mask.

Network—In the context of PIX Firewall configuration, a network is a group of computing devices which share

part of an IP address space and not a single host. A network consists of multiple "nodes" or devices with IP

address, any of which may be referred to as "hosts". See also Internet, Intranet, IP, LAN.

Node—See host, network

Nonvolatile storage, memory—Storage or memory which, unlike RAM (Random Access Memory) retains its

contents without power. Data in a nonvolatile storage device survives a power-off, power-on cycle or reboot.

Outbound—Outbound CLI commands lets you specify whether inside users can create outbound connections.

Outside—See Interface.

PAT, Dynamic—Port Address Translation. Dynamic PAT lets multiple outbound sessions appear to originate

from a single IP address. With PAT enabled, the PIX Firewall unit chooses a unique port number from the PAT

IP address for each outbound translation slot (xlate). This feature is valuable when an Internet service provider

cannot allocate enough unique IP addresses for your outbound connections. The global pool addresses always

come first, before a PAT address is used. See also, Static PAT, More information about Dynamic NAT, NAT.

Perfmon—PIX feature which gathers and reports a wide variety of feature statistics, such as connections/second,

xlates/second, etc.

Ping—An ICMP request sent between hosts to determine if a host is accessible on the network.

PPTP—Point-to-Point Tunneling Protocol.

Primary, Primary unit—The PIX Firewall unit normally operating when two units are operating in Failover

mode.

Proxy-ARP—This feature enables the PIX Firewall to reply to an ARP request for IP addresses in the global

pool. See also

Q-T

RADIUS—Remote Authentication Dial-In User Service. See also AAA, TACACS+

Refresh—

RPC—remote procedure call. RPCs are procedure calls that are built or specified by clients and executed on

servers, with the results returned over the network to the clients. See also client/server computing.

Caution: RPC is not a very secure protocol and should be used with caution.

Route—path through an internetwork.

RPF—Reverse Path Forwarding.

RSA—A public-key cryptographic system which may be used for encryption and authentication. (Acronym

stands Rivest, Shamir, and Adelman, the inventors of the technique.)

RSH—Remote Shell Protocol. A protocol that allows a user to execute commands on a remote system without

having to log in to the system. For example, RSH can be used to remotely examine the status of a number of

access servers without connecting to each communication server, executing the command, and then disconnecting

from the communication server. See also Fixup.

RTSP—Real Time Streaming Protocol. Enables the controlled delivery of real-time data, such as audio and

video. RTSP is designed to work with established protocols, such as Routing Table Protocol (RTP) and HTTP.

See also Fixup.

Rule—Information added to the configuration to define your security policy in the form of conditional statements

that instruct the PIX Firewall how to react to a particular situation. See also, address translation and access

control rules.

Serial transmission—Method of data transmission in which the bits of a data character are transmitted

sequentially over a single channel.

SIP—Session Initiation Protocol. Enables call handling sessions, particularly two-party audio conferences, or

"calls." SIP works with Session Description Protocol (SDP) for call signaling. SDP specifies the ports for the

media stream. Using SIP, the PIX Firewall can support any SIP Voice over IP (VoIP) gateways and VoIP proxy

servers. See also Fixup.

SMTP—Simple Mail Transfer Protocol. Internet protocol providing e-mail services. See also Fixup.

Spoofing—The act of a packet illegally claiming to be from an address from which it was not actually sent.

Spoofing is designed to foil network security mechanisms such as filters and access lists.

SQL*Net—Structured Query Language protocol. An Oracle protocol used to communicate between client and

server processes. See also Fixup.

SSH—Secure Shell) is an application running on top of a reliable transport layer, such as TCP/IP, that provides

strong authentication and encryption capabilities. Up to five SSH clients are allowed simultaneous access to the

PIX Firewall console. See also Fixup.

Note: You must generate an RSA key-pair for the PIX Firewall before clients can connect to the PIX Firewall

console. To use SSH, your PIX Firewall must have a Data Encryption Standard (DES) or 3DES (Triple DES)

activation key.

Standby, Standby Unit, Secondary Unit—The backup PIX Firewall unit when two are operating in Failover

mode.

State, Stateful, Stateful Inspection—Network protocols maintain certain data, called state information, at each

end of a network connection between two hosts. State information is necessary to implement the features of a

protocol, such as guaranteed packet delivery, data sequencing, flow control, and transaction or session IDs. Some

of the protocol state information is sent in each packet while each protocol is being used. For example, a web

browser connected to a web server uses HTTP and supporting TCP/IP protocols. Each protocol layer maintains

state information in the packets it sends and receives. PIX Firewalls inspect the state information in each packet

to verify that it is current and valid for every protocol it contains. This is called stateful inspection and is designed

to create a powerful barrier to certain types of computer security threats.

Static PAT—Static Port Address Translation. A static address maps a local IP address to a global IP address.

Static PAT is a static address that also maps a local port to a global port. See also dynamic PAT.

Telnet—A terminal emulation protocol for TCP/IP networks such as the Internet. Telnet is a common way to

control web servers remotely.

TACACS+—Terminal Access Controller Access Control System Plus. Provides remote access authentication

and related services, such as event logging. User passwords are administered in a central database rather than in

individual network devices, providing an easily scalable network security solution. See also AAA, RADIUS

TCP Intercept—With the TCP intercept feature, once the optional embryonic connection limit is reached, and

until the embryonic connection count falls below this threshold, every SYN bound for the affected server is

intercepted. For each SYN, PIX Firewall responds on behalf of the server with an empty SYN/ACK segment.

PIX Firewall retains pertinent state information, drops the packet, and waits for the client's acknowledgment. If

the ACK is received, then a copy of the client's SYN segment is sent to the server and the TCP three-way

handshake is performed between PIX Firewall and the server. If and only if, this three-way handshake completes,

may the connection resume as normal. If the client does not respond during any part of the connection phase, then

PIX Firewall retransmits the necessary segment using exponential back-offs.

TCP/IP—Transmission Control Protocol. Connection-oriented transport layer protocol that provides reliable

full-duplex data transmission. See also IP, IP address.

TFTP—Trivial File Transfer Protocol. TFTP is a simple protocol used to transfer files. It runs on UDP and is

explained in depth in Request For Comments (RFC) 1350. See also Fixup.

Translate, Translation, Address Translation—See Xlate.

U-Z

UDP—User Datagram Protocol. Connectionless transport layer protocol in the TCP/IP protocol that belongs to

the Internet protocol family.

URL—Universal Resource Locator. A standardized addressing scheme for accessing hypertext documents and

other services using a browser, for example, http://www.cisco.com/go/pix.

Websense—A third party filtering application that works with the PIX Firewall to deny users access to web sites

based on the company security policy. Websense enables group and username authentication between a host and

a PIX Firewall. The PIX Firewall performs a username lookup, and then the Websense server handles URL

filtering and username logging. See www.websense.com.

WINS—Windows Internet Naming Service. A Windows system that determines the IP address associated with a

particular network computer.

Xlate—An xlate, also referred to as a translation entry, represents a mapping of one IP address to another, or a

mapping of one IP address/port pair to another. See also NAT, PAT, Address Translation, IP Address.

A-D

AAA

AAA Authentication

AAA Server Groups

AAA Servers

About PDM

Access Rules

Address, IP

Administration

Antispoof

Apply, Applying Config Changes

Authentication, See also Password

Authorization

Bookmarks, Graph

CLI Tool

Console Sessions, Secure Shell Sessions, Telnet Console Sessions,

PDM Users

Default Route, Wizard, See also Route

DHCP Admin, Monitor DHCP Clients

E-H

Failover

FixUps, FixUps List

Fragment

FTP FixUp

Glossary

Graphs

H323 FixUp

History Metrics

Hosts/Networks

HTTP FixUp

HTTPS, PDM, Monitoring>Connection Graphs>HTTPS

M-P

Mail Server, Wizard, SMTP FixUp

Mask, Netmask

Miscellaneous Help

Monitor, Monitoring, Monitoring Graphs

NAT, Wizard

Navigation Contents, Getting Started,

Glossary, About PDM

Netmask

Options, Preferences, Unparsed Commands

Password Admin

PAT, Translation Rules

PAT, Wizard

PDM, About PDM

PDM Icon Legend

PDM Logging, View PDM Log, Monitor

PDM Users

Ping Tool

Policy, IDS

Policy, Security

Preferences, Options

ProxyARPs Admin

Q-T

Refresh

RIP Admin

Route, Routing, Static Route, RIP, Proxy

ARPs, Hosts/Networks NAT, Routing

RSH FixUp

RTSP FixUp

Search Field (Access Rules or Translation

Rules), Search Hosts/Networks

I-L

ICMP Admin

IDS Policy, IDS Signatures, IDS Monitor

Interfaces Admin

IP Address

Icon Legend

Location of Help Topics

Log, Logging, Admin, Setup, PDM, Syslog, Other,

Log, Logging, Monitor PDM Log, View PDM Log

Signatures, IDS

SIP FixUp

SKINNY FixUp

SMTP FixUp

SNMP Administration, SNMP FixUP

Spoof, Antispoof

SQL*Net FixUP

SSH (Secure Shell) Administration, Monitor

Secure Shell Sessions

Start (Getting Started)

Static Routes, Wizard

Syslog Logging

System Properties

Tabs

TCP

Telnet Admin, Telnet Console Sessions

TFTP Server Admin, Write TFTP Server

Timeout, System Properties

Topics, Help Topics by Location

Translation Rules, Edit Translation Rules

U-Z

UDP

Unparsed Configuration Commands

Unsupported Configuration Commands

URL Filtering, System Properties

Web Server, Wizard

Wizard

Write TFTP Server

Tabs

Wizard

Miscellaneous

Menu Help Files

File Rules Search Options Tools Help

Write to TFTP... Add... By field... Show Unparsed CLI Legend...

Edit... By Host/Net... Preferences Ping

Tab Help Files

Access

Rules Translation

Rules Hosts/Networks System

Properties Monitoring

Access Rules Translation Rules Hosts/Networks Interfaces PDM Log

Edit Edit Rule Edit Failover View PDM Log

Print Manage Pools... Add - 1 Routing SSHl Sessions

Search Field Print Add - 2 RIP Telnet Sessions

NAT - Dynamic Add - 3 Static Route PDM Users

NAT - Static Add - 3 - NAT Proxy ARPs DHCP Client

Search Field Add - 3 - Map/Pools DHCP Server Graphs Introduction

Edit NAT PIX Admin New Graph

Edit Routing Authentication System Graphs

Hosts/Networks Password Blocks

Telnet CPU

Secure Shell Failover

SNMP Memory

ICMP Connection Graphs

TFTP Server Xlates

Logging Perfmon

Logging Setup Miscellaneous

PDM Logging IDS

Syslog Interface Graphs

Others

AAA

AAA Server

Groups

AAA Servers

Auth. Prompt

URL Filtering

Intrusion Detection

IDS Policy

IDS Signatures

Advanced

FixUp

FTP

H.323

HTTP

RSH

RTSP

SIP

Skinny

SMTP

SQL*Net

Anti-Spoofing

Fragment

TCP Options

Timeout

History Metrics

Wizard Help Files

Interfaces

Default Route

Static Routes

Address Translation

NAT

PAT

Mailserver

Check Boxes

Web Server

End

Miscellaneous

PDM Icon Legend

Applying Changes

Refresh

More about Internet Protocol (IP)

Unsupported

File>Write Configuration to TFTP Server

The Write Configuration to TFTP Server panel lets you write the current running configuration to a Trivial

File Transfer Protocol (TFTP) server.

The following sections are included in this Help topic:

Important Notes●

Field Descriptions●

Defining a TFTP Server and Configuration File Name●

Important Notes

If you have already set up a TFTP server in System Properties > PIX Administration > TFTP Server, you can

select the Click here to use the existing TFTP server Configuration on PIX, then Apply to PIX to have the

configuration written to a TFTP server immediately. If not, follow the steps listed in Defining a TFTP Server

and Configuration File Name.

Field Descriptions

This panel displays the following fields.

Click here to use the existing TFTP server Configuration on PIX—If you have already set up a TFTP

server in System Properties>PIX Administration>TFTP Server, this box will be selected by default.

●

Interface Name—The interface on which your TFTP server resides. This information reflects what is

configured in System Properties>PIX Administration>TFTP Server. If Click here to use the existing

TFTP server Configuration on PIX is not selected, the default interface is inside.

●

TFTP Server IP Address—Enter the IP address of the TFTP server.● Configuration File Name—Enter the path and filename of the configuration file to be saved on your

TFTP Server.

●

Apply to PIX—Sends changes made in PDM to the PIX Firewall unit and applies them to the running

configuration.

●

Cancel—Discards changes and returns to the previous panel. .●

Defining a TFTP Server and Configuration File Name

Follow these steps to define a TFTP server and Configuration File Name.1. If you have already set up a TFTP server in System Properties>PIX Administration>TFTP Server, you2.

can select the Click here to use the existing TFTP server Configuration on PIX, then Apply to PIX to

have the configuration written to a TFTP server immediately. If not, proceed to the following steps.

Enter the IP address of the TFTP server you wish to write the configuration file to.3. Enter the TFTP server Path/filename, beginning with "/" (forward slash) and ending in the file name, to

which the running configuration file will be written. Note: The path must begin with a forward slash, "/".

Example TFTP server path: /tftpboot/pixfirewall/config3

Click Apply to PIX.5.

System Properties>PIX Administration

>TFTP Server

This panel allows you to configure the PIX Firewall unit for saving its configuration to a file server using the

Trivial File Transfer Program (TFTP).

Note: This panel does not write the file to the server. Configure the PIX Firewall for using a TFTP server in this

panel, then use File>Write Configuration to TFTP Server... .

The following sections are included in this Help topic::

TFTP and the PIX Firewall●

Field Descriptions●

Applying Changes to the PIX Firewall●

TFTP Servers and the PIX Firewall

TFTP is a simple client/server file transfer protocol described in RFC783 and RFC1350 Rev. 2. This panel allows

you to configure the PIX Firewall as a TFTP client so that The PIX Firewall can transfer a copy of its running

configuration file to a TFTP server using File>Write Configuration to TFTP Server... or the CLI tool. In this way,

configuration files can be backed up and propagated to multiple PIX Firewall units.

This panel uses the configure net command to specify the IP address of the TFTP server and the tftp-server

command to specify the interface and the path/filename on the server where the running configuration file will be

written. Once this information is applied to the running configuration, PDM File>Write Configuration to TFTP

Server... uses the write net command execute the file transfer.

PIX Firewall supports only one TFTP server. The full path to the TFTP server is specified in System

Properties>PIX Administration>TFTP Server. Once configured here, you can use a colon (:) to specify the IP

address in the CLI configure net and write net commands. However, any other authentication or configuration of

intermediate devices necessary for communication from the PIX Firewall to the TFTP server is done apart from

this function.

The show tftp-server command lists the tftp-server command statements in the current configuration. The no

tftp server command disables access to the server.

For more information on the PIX Firewall and TFTP, refer to the "Advanced Configurations" chapter of the Cisco

Secure PIX Firewall Configuration Guide for your respective software version.

Other manuals for PIX 520 - PIX Firewall 520

This manual suits for next models

Table of contents

Other Cisco Software manuals

Cisco

Cisco Catalyst Series Switch 2940 User manual

Cisco

Cisco AS5200 - Universal Access Server How to use

Cisco

Cisco SMTP Instruction Manual

Cisco

Cisco SGACL User manual

Cisco

Cisco TELEPRESENCE MANAGEMENT SUITE EXTENSION 2.2 - FOR MICROSOFT... User manual

Cisco

Cisco PVDM2 24DM - Digital Modem Module User manual

Cisco

Cisco MCS-7825-H3-IPC1 User manual

Cisco

Cisco 1811W - Integrated Services Router Wireless Instruction Manual

Cisco

Cisco DVD-ROM Installation and operation manual

Cisco

Cisco TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE... User manual

Cisco

Cisco OL-4015-08 User manual

Cisco

Cisco 861W - Integrated Services Router Wireless User manual

Cisco

Cisco OL-11757-01 Instruction Manual

Cisco

Cisco TMS SERVER REDUNDANCY - CONFIGURATION GUIDE... User manual

Cisco

Cisco 11.0 BT How to use

Cisco

Cisco Surveillance Media Server Instruction Manual

Cisco

Cisco 4700M User manual

Cisco

Cisco IPS-4240-K9 - Intrusion Protection Sys 4240 User manual

Cisco

Cisco ACTIVE NETWORK ABSTRACTION - BROCHURE WHATS NEW IN RELEASE... User manual

Cisco

Cisco Servers User manual

Cisco

Cisco IP Communicator Instruction Manual

Cisco

Cisco WS-SUP32-GE-3B - Supervisor Engine 32 User manual

Cisco

Cisco TELEPRESENCE MANAGEMENT SUITE EXTENSION 2.2 - FOR MICROSOFT... Service manual

Cisco

Cisco Router IOS XR User manual

Popular Software manuals by other brands

Lexmark

Lexmark Apps Administrator's guide

Brother

Brother BES Lettering installation guide

Symantec

Symantec 10099585 - 10PK NORTON ANTISPAM 2004 user guide

Autodesk

Autodesk AUTOCAR CIVIL 2010 brochure

Trust

Trust AMCAP manual

National Instruments

National Instruments NI-DNET user manual

Symantec

Symantec 20032623 - Endpoint Protection Small Business... Implementation guide

Softland

Softland NOVAPDF PROFESSIONAL - VERSION 7 manual

Fujitsu

Fujitsu ScanSnap Upgrade P2WW-1860-01EN Scanner user guide

Canon

Canon EOS Rebel T3 18-55mm IS II Kit instruction manual

HP AE370A - Brocade 4Gb SAN Switch 4/12 Administrator's guide

Genius

Genius VOIP MOUSE introduction

Juniper

Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE... Configuration guide

Symantec

Symantec GHOST - V 15.0 manual

Canon

Canon VIXIA HF11 instruction manual

Snom

Snom phones Frequently asked questions

Mitsubishi Electric

Mitsubishi Electric CPK60 user manual

HP Rx2620-2 - Integrity - 0 MB RAM user guide

Cisco PIX 520 - PIX Firewall 520 Reference guide

Popular Software manuals by other brands