the pix firewall protects an inside network from unauthorized access by users on an outside network,such as the public internet. most pix firewall models can optionally protect one or more perimeter networks, also known as demilitarized zones (dmzs). access to the perimeter network is typically less restricted than access to the outside network, but more restricted than access to the inside network.

    connections between the inside, outside, and perimeter networks are controlled by the pix firewall.

    to effectively use a firewall in your organization, you need a security policy to ensure that all traffic from the protected networks passes only through the firewall to the unprotected network. you can then control who may access the networks with which services, and how to implement your security policy using the features that the pix firewall provides.

    figure 1-1 shows how a pix firewall protects a network while allowing outbound connections and secure access to the internet.