(Before configuring the PIX firewall, let's first introduce the physical characteristics of the firewall. Firewalls usually have a minimum of 3 interfaces, but many early firewalls have only 2 interfaces; when using a firewall with 3 interfaces, a minimum of 3 networks are created, depicted as follows: Internal zone (intranet). The internal area usually refers to the internal network of the enterprise or a part of the internal network of the enterprise. It is the trust zone of the interconnected network, that is, it is protected by a firewall. External zone (extranet). The external area usually refers to the Internet or non-enterprise internal network. It is an untrusted area in the interconnected network. When the external area wants to access the hosts and services of the internal area, it can achieve limited access through the firewall. Ceasefire Zone (DMZ). A ceasefire zone is a blocked network, or several networks. A host or server located in a ceasefire zone is called a bastion host. Usually in the ceasefire zone can place Web server, Mail server, etc. Ceasefire zones are generally accessible to external users, which allows external users to access corporate disclosures, but does not allow them to access the corporate internal network. Note: The firewall with 2 interfaces does not have a ceasefire zone. Since the PIX535 is not universal at the enterprise level, the following first describes the use of the PIX525 in the enterprise network.)