PDM Operating Requirements

If the PIX firewall was preinstalled with version 6.2 on any of the PIX 501, PIX 506/506e, PIX 515/515e, PIX 520, PIX 525, and PIX 535 platforms, then PDM 2.1 is already installed and supported. Several areas of concern need to be addressed to use PDM successfully. For PDM version 2.1, consider the following:

  • PIX Firewall requirements

  • Workstation requirements

  • Cisco Secure Policy Manager considerations

  • Web browser considerations

PIX Firewall Requirements

The PIX Firewall must be running PIX Firewall software version 6.2 for PDM Version 2.1 to run. The PIX installation requirements for PIX OS 6.2 are the same as for PDM v2.1, which means if the PIX Firewall is running PIX Firewall software version 6.2, then the requirements to install PDM v2.1 have already been met.

The PIX Firewall unit must meet the following requirements to install and run PDM v2.1 successfully:

  • The PIX unit must have an activation key for Data Encryption Standard (DES) or triple DES (3DES) for its Secure Socket Layer (SSL) connection.

  • At least 8MB of Flash memory is required.

  • The optimal PIX configuration file size for use with PDM is less than 100K, approximately 1,500 lines. Configuration files over 100K might impair the performance of PDM on the workstation. The show flashfs command can be used to determine the size of the configuration file. The “file 1” length is the size of the configuration file in bytes. The following example shows a config file size of 1.857K.

    Pix# show flashfs
    flash file system: version:2 magic:0x12345679
      file 0: origin:       0 length:1540152
      file 1: origin: 1572864 length:1857
      file 2: origin:       0 length:0
      file 3: origin: 2621440 length:4748324
      file 4: origin: 8257536 length:280
    Pix#
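
The size check described above can be scripted when several captured `show flashfs` outputs need reviewing. The following is an added example, not code from the original text or from Cisco; the function names are hypothetical, and the 100K limit is taken as 100,000 bytes because the text reads 1857 bytes as 1.857K.

```python
import re

# Matches lines such as "  file 1: origin: 1572864 length:1857"
FILE_LINE = re.compile(r"file\s+(\d+):\s*origin:\s*(\d+)\s+length:\s*(\d+)")

# The text recommends a configuration under 100K and reads 1857 bytes as
# 1.857K, so K is taken as 1000 bytes here (assumption).
RECOMMENDED_MAX_BYTES = 100_000
CONFIG_FILE_INDEX = 1  # per the text, "file 1" holds the configuration


def parse_flashfs(output):
    """Return {file_index: (origin, length)} from 'show flashfs' output."""
    files = {}
    for line in output.splitlines():
        match = FILE_LINE.search(line)
        if match:
            index, origin, length = (int(g) for g in match.groups())
            files[index] = (origin, length)
    return files


def check_config_size(output, limit=RECOMMENDED_MAX_BYTES):
    """Report the configuration size and whether it is under the limit."""
    files = parse_flashfs(output)
    if CONFIG_FILE_INDEX not in files:
        # Truncated or unrelated capture: refuse to guess a size.
        raise ValueError("no 'file 1' entry found in show flashfs output")
    _, length = files[CONFIG_FILE_INDEX]
    return {"config_bytes": length, "within_recommendation": length < limit}


# Output taken from the example in the text above.
SAMPLE = """\
Pix# show flashfs
flash file system: version:2 magic:0x12345679
  file 0: origin:       0 length:1540152
  file 1: origin: 1572864 length:1857
  file 2: origin:       0 length:0
  file 3: origin: 2621440 length:4748324
  file 4: origin: 8257536 length:280
Pix#
"""

if __name__ == "__main__":
    print(check_config_size(SAMPLE))
```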
    

Workstation Requirements

PDM host requirements depend on the platform. PDM isn’t supported on Macintosh, Windows 3.1, or Windows 95 devices. PDM currently supports the following host systems:

  • Windows

  • SUN Solaris

  • Linux

This section looks at the requirements for each.

Windows Requirements

The following are minimum requirements to run PDM v2.1 with Windows:

  • Windows 2000, Windows NT 4.0, or Windows XP/Me/98 operating system (OS). Windows 3.1 and 95 aren’t supported.

  • Pentium or Pentium-compatible processor running at 350 MHz or higher.

  • 128MB RAM minimum, 192MB or more recommended.

  • 800 × 600 (256 colors) display minimum, 1,024 × 768 with at least High Color (16-bit) colors recommended.

  • Cisco recommends Internet Explorer with PDM because it loads faster on this platform. Supported browsers include Internet Explorer 5.0 or higher and Netscape Communicator versions 4.5x or 4.7x only. PDM doesn’t currently support Netscape 6.x or 7.

Virus-checking software increases the time required for PDM to start, particularly with Netscape Communicator and Windows 2000 with any browser. Because turning off the virus check has its own downside, just recognize the delay and be patient.

SUN Solaris Requirements

The following are minimum requirements to run PDM v2.1 with Sun SPARC:

  • Sun Solaris 2.6 or later running CDE or Sun’s OpenWindows interfaces.

  • SPARC microprocessor.

  • 128MB RAM minimum.

  • 800 × 600 (256 colors) display minimum, 1,024 × 768 with at least High Color (16-bit) colors recommended.

  • Supported browsers include Netscape Communicator versions 4.5x or 4.7x only. PDM doesn’t currently support Netscape 6.x or 7.

PDM doesn’t currently support Intel-based Solaris implementations.

Linux Requirements

The following are minimum requirements to run PDM v2.1 with Linux:

  • Red Hat Linux 7.0, 7.1, 7.2, or 7.3 running the GNOME or KDE 2.0 desktop environment.

  • 64MB RAM minimum.

  • 800 × 600 (256 colors) display minimum, 1,024 × 768 with at least High Color (16-bit) colors recommended.

  • Supported browsers include Netscape Communicator versions 4.7x only. PDM doesn’t currently support Netscape 6.x or 7.

Cisco Secure Policy Manager Considerations

Cisco Secure Policy Manager (CSPM) is a topology-based GUI application that allows network administrators to define high-level security policies visually for multiple Cisco firewalls, IOS devices, and VPN gateways. These end-to-end policies can then be distributed from the centrally located CSPM host, eliminating time-consuming configuration of security commands on a device-by-device basis. The CSPM application can import existing PIX and IOS device security policies. CSPM provides system-auditing functions, monitoring, event notification, and web-based reporting.

For networks using CSPM, PDM can only be used for monitoring. Any PDM configuration changes to the PIX Firewall units would be overwritten the next time CSPM synchronizes with the PIX Firewall. While PDM can monitor any configuration—whether created using the command-line interface or CSPM—these changes to the firewall configuration aren’t communicated automatically to PDM. In this circumstance, clicking Refresh in PDM is necessary to update the current firewall configuration.

Web Browser Considerations

PDM is a signed Java applet that uses certificates and HTTPS (HTTP over SSL) to transmit all information securely between PDM and the PIX Firewall. As a Java applet, PDM can run on a variety of platforms without requiring a plug-in or complex software installation. The PDM applet resides in the PIX unit Flash memory and uploads to the workstation when the PIX is accessed using a web browser. PDM uses the SSL protocol to ensure communication with the PIX Firewall unit is secure.

Note that the web browser used to access PDM must be Java-enabled and support SSL connections. Both features can be set or confirmed in Internet Explorer 6.x using the Tools | Internet Options | Advanced tab, as shown in Figure 22-2.

Figure 22-2: Internet Explorer Advanced Options tab

PDM uses the native Java Virtual Machine (JVM) in the browser, not the Java browser plug-in. If a Java plug-in is present for other applications, it can’t be your default JVM.

To use PDM with Microsoft Internet Explorer, it must use JDK Version 1.1.4. To verify the current version, choose Help | About Cisco PDM from the PDM menu. Figure 22-3 shows the resulting output and the JDK information in the lower-right corner. This same information is available on the PDM opening screen. Notice the screen has model and version information about PDM, the PIX unit, host OS, the browser, and the user privilege level.

Figure 22-3: The Help | About Cisco PDM screen

The latest version of JVM is available from Microsoft by downloading the product called Virtual Machine.



