command equivalent in PIX version 6.3 for the version 7.x command: same-security-traffic permit inte

Good day

I was wondering if anyone could help me. We have a PIX with version
6.3 of the code loaded, and I wanted to know what the equivalent
command in version 6.3 is for the command in version 7.x:
"same-security-traffic permit inter-interface"

We're trying to establish multiple interfaces with the same security
level (assuming it's possible) and unfortunately, the PIX firewall
doesn't have enougth RAM to upgrade to version 7.x

If anyone has any ideas, please let me know

 

Re: command equivalent in PIX version 6.3 for the version 7.x command:same-security-traffic permit inter-interface

Mike Rahl wrote:
> Good day
>
> I was wondering if anyone could help me. We have a PIX with version
> 6.3 of the code loaded, and I wanted to know what the equivalent
> command in version 6.3 is for the command in version 7.x:
> "same-security-traffic permit inter-interface"
>
> We're trying to establish multiple interfaces with the same security
> level (assuming it's possible) and unfortunately, the PIX firewall
> doesn't have enougth RAM to upgrade to version 7.x
>
> If anyone has any ideas, please let me know
>

I am pretty sure this is not possible in versions before 7.X

Chad

 

Re: command equivalent in PIX version 6.3 for the version 7.x command:same-security-traffic permit inter-interface

In article <>,
Chad Mahoney <> wrote:
>Mike Rahl wrote:

>> We're trying to establish multiple interfaces with the same security
>> level (assuming it's possible) and unfortunately, the PIX firewall
>> doesn't have enougth RAM to upgrade to version 7.x

>I am pretty sure this is not possible in versions before 7.X

Right, communicating with the same security level is out of
the question before 7.x.


Multiple interfaces with same security level, together with
insufficient memory, would -tend- to imply an unrestricted
license on a PIX 515 or early PIX 515E. In 7.x, the 515/515E need 128 Mb
for full Unrestricted support; 64 for Restricted.
PIX-515-MEM-128= and -32= respectively.

Equivilent memory is available for about $US130 for 128 Mb; see
for example memoryx.net .

 

Thanks for the responses, alll

I appreciate the help

I had suspected that this was not possible, but just wanted to make
sure I wasn't missing anything. The client is, unfortunately, quite
cheap and is nitpicking us on everything from engineering time to
equipment, so we're stuck stretching whatever can be stretched to get
this to work.


Walter Roberson wrote:
> In article <>,
> Chad Mahoney <> wrote:
> >Mike Rahl wrote:
>
> >> We're trying to establish multiple interfaces with the same security
> >> level (assuming it's possible) and unfortunately, the PIX firewall
> >> doesn't have enougth RAM to upgrade to version 7.x
>
> >I am pretty sure this is not possible in versions before 7.X
>
> Right, communicating with the same security level is out of
> the question before 7.x.
>
>
> Multiple interfaces with same security level, together with
> insufficient memory, would -tend- to imply an unrestricted
> license on a PIX 515 or early PIX 515E. In 7.x, the 515/515E need 128 Mb
> for full Unrestricted support; 64 for Restricted.
> PIX-515-MEM-128= and -32= respectively.
>
> Equivilent memory is available for about $US130 for 128 Mb; see
> for example memoryx.net .

 

Re: command equivalent in PIX version 6.3 for the version 7.x command:same-security-traffic permit inter-interface

Mike Rahl wrote:
> Thanks for the responses, alll
>
> I appreciate the help
>
> I had suspected that this was not possible, but just wanted to make
> sure I wasn't missing anything. The client is, unfortunately, quite
> cheap and is nitpicking us on everything from engineering time to
> equipment, so we're stuck stretching whatever can be stretched to get
> this to work.
>
on the other hand:

why do you need this feature?


M

 

I was actually posting it for a coworker here.

Basically, the client wants to use multiple ports on his firewall (a
PIX 535e) with the same security zone (basically using the Firewall as
a quasi-switch, I guess). We've repeatedly told him not to do this,
but rather use 1 port on the firewall and get a proper switch, then put
the users on that switch.

The client doesn't want to spend the money on the switch, nor does he
want to buy memory, he just wants to stretch the firewall far beyond
its capabilities.

I can assure you, this is far from an optimal solution to me as well

mak wrote:
> Mike Rahl wrote:
> > Thanks for the responses, alll
> >
> > I appreciate the help
> >
> > I had suspected that this was not possible, but just wanted to make
> > sure I wasn't missing anything. The client is, unfortunately, quite
> > cheap and is nitpicking us on everything from engineering time to
> > equipment, so we're stuck stretching whatever can be stretched to get
> > this to work.
> >
> on the other hand:
>
> why do you need this feature?
>
>
> M

 

In article <>,
Mike Rahl <> wrote:

>Basically, the client wants to use multiple ports on his firewall (a
>PIX 535e) with the same security zone (basically using the Firewall as
>a quasi-switch, I guess). We've repeatedly told him not to do this,
>but rather use 1 port on the firewall and get a proper switch, then put
>the users on that switch.

>The client doesn't want to spend the money on the switch, nor does he
>want to buy memory, he just wants to stretch the firewall far beyond
>its capabilities.

Bummer.

Is it a PIX 535 or PIX 515E? A 535 should already have enough memory,
but original 515E might not have 128 Mb. If, though, the configuration
is not too big or there is not a high traffic load, then the word
in these newsgroups is that you can load PIX 7.x on a PIX 515/515E
with less than the recommended amount of memory, particularily if you
do not install ASDM.

Of course the time involved to do so, together with the disruption
of client networking, is worth far far more than the cost of
a simple switch. Depending on the exact needs, a $US40 switch
might be good enough.