Configure a Cisco PIX Firewall with this template

Tags: Firewalls, Network security, David Davis CCIE, MCSE+I, SCSA, PIX, Cisco PIX Firewall, firewall, Cisco Systems Inc., Cisco Routers and Management Newsletter

Takeaway: Configuring a new Cisco PIX Firewall can be challenging and time-consuming. Why not automate the process with an Excel template? We've done most of the work for you by creating a downloadable template. David Davis has the details in this edition of Cisco Routers and Switches.

Configuring a new Cisco PIX Firewall can be challenging and time-consuming. Why not automate the process with an Excel template? We've created an Excel template that will help you automate the configuration of a new Cisco PIX 501 Firewall.

What this template does

This template will generate the configuration for a Cisco PIX 501 Firewall according to the information you supply. The template contains two worksheets.

The first worksheet is a reference, which offers a sample configuration that lists the various commands and their purposes. This sample configuration performs the following actions for the firewall:

  • Configures a hostname for the PIX.
  • Creates a password to control who can log in to the PIX.
  • Creates an enable password to control who can administer the PIX.
  • Enables the HTTP Web server for remote administration using the PIX Device Manager (PDM).
  • Configures the proper time zone, and points the PIX to a local NTP time server for date and time synchronization.
  • Configures IP addresses on the inside and outside interfaces, and enables both of them.
  • Creates a default gateway on the PIX.
  • Configures NAT Overload (Port Address Translation, or PAT) so all inside network devices can access the outside network (usually the Internet).
  • Creates an access control list on the PIX so inside clients can only use the Internet for Web browsing and FTP.
  • Saves the new configuration, which preserves the configuration during rebooting.

You can input your configuration information for your network on the second worksheet. If there's a setting you don't need, you can remove it.

What you need to know

Here's a list of things you need to know before you download the template:

  • Click the Enable Macros button when you open the Excel workbook.
  • This template performs basic setup commands. You can add your custom PIX configurations to create a fast configuration template that does much more.
  • This template assumes you want to use the firewall to allow all inside devices to access the Internet through the firewall. If you prefer, you can disable this and instead set up individual NAT entries for certain servers.
  • This template assumes you have a local NTP server on your internal LAN. If this is not the case, you can use the clock command to set the time manually or point the PIX to retrieve its NTP updates from the Internet.

Get the template

Now that you know what the template can do for you and how to use it, you can get started. Follow these steps:

  1. Download the template.
  2. Open the Excel file, and fill in the yellow sections on the Variables worksheet.
  3. Click the Replace button; it will generate the appropriate configuration on a new worksheet called PIX - 1.
  4. Copy the configuration from the Excel file, and paste it into the Cisco CLI when connected to the PIX's console port.
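
The same fill-in-the-variables idea as an added Python example; this is not the article's Excel macro or its sample configuration. It emits standard PIX 6.3 commands for the actions listed above and rejects values that would paste as extra commands or put the gateway or NTP server on the wrong subnet. The variable names, the ACL name `inside_out`, the single-word rule for names and passwords, and the sample addresses and passwords are assumptions made for illustration.

```python
import ipaddress
import re
# Constructed sample variables (documentation address ranges, placeholder secrets).
SAMPLE = {
    "hostname": "pix501", "passwd": "CHANGE-ME-1", "enable": "CHANGE-ME-2",
    "tz_name": "EST", "tz_offset": "-5", "ntp": "192.168.1.10",
    "inside": "192.168.1.1/24", "outside": "203.0.113.2/29", "gateway": "203.0.113.1",
}
TOKEN = re.compile(r"[A-Za-z0-9_.-]+")  # one CLI word: no spaces or newlines

def render_pix_config(v):
    """Return PIX 6.3 CLI lines for the settings the article lists."""
    for key in ("hostname", "passwd", "enable", "tz_name"):
        # A cell holding a space or newline would paste as extra commands.
        if not TOKEN.fullmatch(v[key]):
            raise ValueError(f"{key}: must be a single CLI word")
    inside = ipaddress.ip_interface(v["inside"])
    outside = ipaddress.ip_interface(v["outside"])
    gateway = ipaddress.ip_address(v["gateway"])
    ntp = ipaddress.ip_address(v["ntp"])
    if gateway not in outside.network:
        raise ValueError("gateway is not on the outside subnet")
    if ntp not in inside.network:
        raise ValueError("article assumes the NTP server is on the inside LAN")
    net = inside.network
    return [
        f"hostname {v['hostname']}",
        f"passwd {v['passwd']}",
        f"enable password {v['enable']}",
        "http server enable",
        # Assumption: limit PDM (HTTP) access to the inside subnet only.
        f"http {net.network_address} {net.netmask} inside",
        f"clock timezone {v['tz_name']} {int(v['tz_offset'])}",
        f"ntp server {ntp} source inside",
        "interface ethernet0 auto",
        "interface ethernet1 100full",
        f"ip address outside {outside.ip} {outside.netmask}",
        f"ip address inside {inside.ip} {inside.netmask}",
        f"route outside 0.0.0.0 0.0.0.0 {gateway} 1",
        "global (outside) 1 interface",
        "nat (inside) 1 0.0.0.0 0.0.0.0",
        "access-list inside_out permit tcp any any eq www",
        "access-list inside_out permit tcp any any eq ftp",
        "access-group inside_out in interface inside",
        "write memory",
    ]

if __name__ == "__main__":
    print("\n".join(render_pix_config(SAMPLE)))
```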

For more information, see Cisco's documentation for Cisco PIX Firewall, Version 6.3.

We want your feedback

What do you think of this template? Would you like to see other templates covering different topics or products? Share your opinions in this article's discussion.

David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.
