Re: Fw: [fw-wiz] cisco pix does not log traffic targetted to itself?
From: Kevin Steves (stevesk@pobox.com)
Date: 01/14/03
From: Kevin Steves <stevesk@pobox.com> To: Mark.Boltz@stonesoft.com Date: Tue Jan 14 09:18:22 2003
On Sun, Jan 12, 2003 at 10:42:51AM -0500, Mark.Boltz@stonesoft.com wrote:
> >i have never liked the ASA/security level approach that PIX uses--i
> >would rather not have implied policies. i'm told you can assign
>
> Kevin, I'm not sure I understand. Do you mean you don't want implied
> policies in a general sense? In this particular case, we're talking a final
> "deny all" rule, which is because the generally accepted stance of security
> products should be to deny that which is not expressly permitted. Curious
> as to which you meant...
yes, there is an implied default deny for access lists. but in the
absence of an interface access-group, the default is permit for high
to low origin security level traffic.