Keywords: PIX PDM
Configuration
PIX 5xx
PIX OS 6.3
Tested with IE 6.0 SP1 and Firefox 1.03
Issue
Sometimes it is desirable to make a quick and easy change to a PIX config without having to deal with the bloat of PDM or the overhead of remote control to a PC with a TTY session to the console port.
This is also a good tool for Help Desk situations, where the Help Desk can be given a web page with links to a home user’s PIX in order to check status or make minor modifications.
Although I have not done this, this technique could also be used to write an app that polls statistics or periodically updates remote PIX configurations by using a tool such as cURL or other scriptable browser widgets.
HowTo
PIX OS 6 can accept URLs in the following form:
https://pixipaddress/exec/some command
The browser will prompt for a login, and will then run the command as if you were connected via console, telnet, or SSH. The command output (if any) will be displayed in the browser.
The browser will “escape” the spaces (turn spaces into %20), but if you are using an odd user agent or script component, you may need to substitute the spaces manually.
Assumptions:
A. management subnet: 192.168.99 / 24
B. PIX management interface: 192.168.102.1
1. Add the following lines to the PIX config (assumes your management subnet is 192.168.99 / 24):
pdm location 192.168.99.0 255.255.255.0 inside
http 192.168.99.0 255.255.255.0 inside
http server enable
2. In a browser, go to the following URL:
https://192.168.102.1/exec/sh arp
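For the scripted case mentioned above, here is an added example (not part of the original post) that builds the /exec/ URL with the spaces escaped and fetches the output. The function names, the read-only prefix list, HTTP Basic authentication, and the caller-supplied TLS context are assumptions of this sketch.

```python
import base64
import urllib.request
from urllib.parse import quote

# Assumption: links handed to a Help Desk are limited to status commands.
# The trailing space keeps "sh " from also matching commands such as "shun".
READ_ONLY_PREFIXES = ("sh ", "show ")


def pix_exec_url(host, command, allowed_prefixes=READ_ONLY_PREFIXES):
    """Return https://<host>/exec/<command> with the command percent-encoded."""
    # Refuse control characters so one URL can never carry a second line.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in command):
        raise ValueError("control character in command")
    command = " ".join(command.split())  # collapse runs of spaces
    if not command.lower().startswith(tuple(allowed_prefixes)):
        raise ValueError("command not in allow-list: %r" % command)
    # safe="" escapes every reserved character, including the spaces that a
    # browser would otherwise turn into %20 for you.
    return "https://%s/exec/%s" % (host, quote(command, safe=""))


def pix_exec(host, command, username, password, tls_context, timeout=10):
    """Run one allowed command and return the text the PIX sends back.

    Assumptions: the login prompt is HTTP Basic authentication, and
    tls_context is an ssl.SSLContext that trusts the PIX certificate.
    """
    request = urllib.request.Request(pix_exec_url(host, command))
    token = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    request.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(request, timeout=timeout,
                                context=tls_context) as response:
        return response.read().decode("ascii", errors="replace")


if __name__ == "__main__":
    # Address and command are the ones used in step 2 above.
    print(pix_exec_url("192.168.102.1", "sh arp"))
```
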