i have a bet to settle with a co-worker.
i thought for sure i read that the 506e with 6.3.4 now supports a DMZ interface but my old-school co-worker keeps pointing me to this page:
Model Restricted License1 Unrestricted License Total Interfaces Physical Interfaces Logical Interfaces Total Interfaces Physical Interfaces Logical Interfaces
PIX 506/506E NA NA NA 2 2 Not supported
The "Not supported" part was the number of logical interfaces.
Hence, he WAS correct.
However, before i pull the rug from him, i looked up that the recent release 6.3.4:
VLAN Support Added to the PIX 506/506E This release introduces VLAN support for PIX 506/506E, enabling these platforms to be a low-cost DMZ enabled solution. With this new PIX support, users may implement additional logical interfaces, allowing them to securely host an external Web site, a secure email server, or even an extranet.
By adding support for the IEEE 802.1q VLAN tags, 506/506E Firewalls now feature added flexibility in managing and provisioning the firewall. This feature enables the decoupling of IP interfaces from physical interfaces, making it possible to configure logical IP interfaces independently.
VLAN feature support is added to the interface command.
=B7A maximum of two logical interfaces may be configured on the
506/506E, thus providing a maximum of four interfaces (2 physical and 2 logical) on these platforms.=B7When 506 and 506E are used as VPN hardware clients, logical interfaces on the 506/506E cannot be used to initiate a VPN tunnel.
=B7If the VLAN ID is set to 4095, the interface name cannot be modified with the nameif command. It may not be appropriate to use VLAN ID 4095 because of this issue.
For configuration information, refer to "Configuring PIX Firewall with VLANs" in the Cisco PIX Firewall and VPN Configuration Guide. For a complete description of the command syntax for these new commands, refer to the Cisco PIX Firewall Command Reference.
I need an unequivocal answer so i can win my bet! lolz!
~Misty.