Cisco PIX is widely respected for its high performance and variety of features; however, it is also well known to be rather difficult to configure and manage. Firewall Builder for PIX solves this problem. It hides the complexity of the PIX command-line interface and automatically configures options and parameters that make manual configuration a real chore. To name just a few examples, Firewall Builder for PIX completely automates management of the global address pools, watches for conflicts between global pools and static commands, properly chooses "nat" or "static" commands for a given address translation rule, and does many other things for you.
Existing solutions, such as PDM, work fine for small installations, but their limitations quickly become evident as the firewall policy grows and becomes complex. PDM does not help with assigning rules to interfaces, works on the same low level of "nat", "global" and "static" commands for NAT, does not allow nesting of object groups, and has other limitations. Firewall Builder and Firewall Builder for PIX have been designed for managing complex firewall policies in environments with many firewalls.
Firewall Builder for PIX is a component that works as part of the Firewall Builder suite of programs. This means you can easily control and configure several different firewalls from the same management workstation. Firewall Builder provides a unified view and a standardized interface for management of all supported firewalls regardless of the platform, which opens a unique opportunity to minimize cost in large firewall deployments by choosing a firewall platform from the wide variety of available solutions.
Firewall Builder for PIX provides unprecedented flexibility: you can use a mix of cheap but powerful Open Source firewalls and proven rock solid Cisco PIX devices in the network and control all of them from the same central management station.
Firewall Builder works on all major Linux distributions, FreeBSD, Windows 2000 and XP, as well as Mac OS X.
Here are some key features of "Firewall Builder for Cisco PIX":
· designed for complex firewall configurations
· can control multiple firewalls from a central management station
· utilizes an object-oriented approach to firewall policy design
· simplifies policy design
· can install policy updates without disrupting sessions opened through the firewall
Firewall Builder for PIX supports the following features that appeared in PIX v6.3:
· New fixup commands: 'ctiqbe', 'dns', 'icmp error', 'mgcp', 'pptp', 'sip udp', 'tftp'
· New logging features: syslog level and logging interval can be set for an individual ACL rule. Corresponding GUI controls have been added in fwbuilder, and a change has been made to the permit rule options column and pop-up dialog, as well as the logging icon.
· support for "logging device-id" command
· support for logging in EMBLEM format
· support for marking ACL commands with original rule numbers using ACL remarks.
· Commands "sysopt route dnat" and "sysopt security fragguard" are deprecated in v6.3. The compiler is now aware of that.
· v6.3 permits using an interface name in an ACL. The compiler generates the appropriate ACL using the "interface nnnn" option if the PIX OS version is 6.3 or later; compilation is aborted with an error if the version is lower than 6.3.
· support for policy NAT in both "nat" and "static" commands
· support for "max_conns" and "emb_limit" options in "nat" and "static" commands
What's New in This Release:
· Starting with this version, Firewall Builder for PIX has been released under the GPL and has become a part of the main Firewall Builder code tree and binary packages.