Figure 1-1: The PIX Firewall in a Network


    Within this architecture, the PIX Firewall forms the boundary between the protected networks and the unprotected networks. All traffic between the protected and unprotected networks flows through the firewall to maintain security. The unprotected network is typically accessible to the Internet. The PIX Firewall lets you locate servers such as those for web access, SNMP, and electronic mail (SMTP) in the protected network, and control who on the outside can access these servers.

    Alternatively, for all PIX Firewall models except the PIX 506 and PIX 501, server systems can be located on a perimeter network as shown in Figure 1-1, and access to the server systems can be controlled and monitored by the PIX Firewall. The PIX 506 and PIX 501 each have two network interfaces, so all systems need to be located either on the inside or the outside interfaces.

    The PIX Firewall also lets you implement your security policies for connection to and from the inside network.

    Typically, the inside network is an organization's own internal network, or intranet, and the outside network is the Internet, but the PIX Firewall can also be used within an intranet to isolate or protect one group of internal computing systems and users from another.

    The perimeter network can be configured to be as secure as the inside network or with varying security levels. Security levels are assigned numeric values from 0, the least secure, to 100, the most secure. The outside interface is always 0 and the inside interface is always 100. The perimeter interfaces can be any security level from 1 to 99.
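The security-level rules above, together with the two-interface limit of the PIX 501 and PIX 506, can be checked mechanically against a saved configuration. The following is an added example, not part of the original documentation; it assumes the PIX 6.x `nameif <hardware_id> <name> security<level>` line format, and the `audit_nameif` helper and both sample configurations are constructed for illustration.

```python
import re

# Assumed PIX 6.x line format: nameif <hardware_id> <if_name> security<level>
NAMEIF = re.compile(r"^\s*nameif\s+(\S+)\s+(\S+)\s+security(\d+)\s*$", re.I)
TWO_INTERFACE_MODELS = {"501", "506"}  # per the text: inside and outside only


def audit_nameif(config, model=None):
    """Return findings for nameif lines that break the security-level rules."""
    findings, names = [], {}
    for line in config.splitlines():
        m = NAMEIF.match(line)
        if not m:
            continue  # not an interface naming line
        hw, name, level = m.group(1), m.group(2).lower(), int(m.group(3))
        names[name] = hw
        if level > 100:
            findings.append(f"{hw} ({name}): level {level} is outside 0-100")
        elif name == "outside" and level != 0:
            findings.append(f"{hw} (outside): level {level}, must be 0")
        elif name == "inside" and level != 100:
            findings.append(f"{hw} (inside): level {level}, must be 100")
        elif name not in ("inside", "outside") and not 1 <= level <= 99:
            findings.append(f"{hw} ({name}): perimeter level {level}, must be 1-99")
    for required in ("inside", "outside"):
        if required not in names:
            findings.append(f"no {required} interface defined")
    perimeter = sorted(n for n in names if n not in ("inside", "outside"))
    if model in TWO_INTERFACE_MODELS and perimeter:
        findings.append(f"PIX {model} has two interfaces; perimeter {perimeter} not possible")
    return findings


# Constructed sample configurations (not taken from a real device).
GOOD = """
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
"""
BAD = """
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security100
"""

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_nameif(cfg) or "ok")
```
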

    Both the inside and perimeter networks are protected with the PIX Firewall's Adaptive Security Algorithm (ASA). The inside, perimeter, and outside interfaces can listen to RIP routing updates, and all interfaces can broadcast a RIP default route if required.

   

   