RE: [fw-wiz] Cisco PIX config beautifier???

From: Strydom, Willie (WStrydom_at_fnb.co.za)
Date: 08/08/03

  • Next message: Melson, Paul: "RE: [fw-wiz] Cisco 506E and CP NG VPN Problems"
    To: 'Kevin Miller' <kmiller@inflow.com>, "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 8 Aug 2003 08:08:29 +0200
    
    

    cisco does have a gui (yuk) but I read somewhere that the guys that make
    firewallbuilder for iptables has also written a Pix version, Firewallbuilder
    is ok, so I reacon the gui should be, just remember, a Fw1 rulset is way
    different to a PIX, as acls are per interface and not globaly, so the pix
    gui might be large and slooow. That is my experiance with cisco's anyway.

    CLI Rules, specially since 6.31 supports "| include" and "| grep". Makes
    1000's acl entries managable :-))

    -----Original Message-----
    From: Kevin Miller [mailto:kmiller@inflow.com]
    Sent: 07 August 2003 12:55
    To: 'firewall-wizards@honor.icsalabs.com'
    Subject: [fw-wiz] Cisco PIX config beautifier???

    Has anyone ever found a utility that will parse a PIX config and change it
    into a more easy to read format (eg. Checkpoint style)? At one time there
    was a utility for Checkpoint that would parse the objects.c and
    rulebases.fws and create an HTML file that contained the rulebase and links
    for details about the objects.

    I know a script could be written with out too much effort but I am curious
    to see if anyone else has already written something.

    Thanks for the help

    Kevin

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    ___________________________________________________________________________________________________

    The views expressed in this email are, unless otherwise stated, those of the author and not those
    of the FirstRand Banking Group or its management. The information in this e-mail is confidential
    and is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised.
    If you are not the intended recipient, any disclosure, copying, distribution or any action taken or
    omitted in reliance on this, is prohibited and may be unlawful.
    Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data
    transmitted electronically and to preserve the confidentiality thereof, no liability or
    responsibility whatsoever is accepted if information or data is, for whatever reason, corrupted
    or does not reach its intended destination.

                                   ________________________________
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Melson, Paul: "RE: [fw-wiz] Cisco 506E and CP NG VPN Problems"

    Relevant Pages

    • RE: [fw-wiz] Skip the PDM
      ... to be the most convoluted GUI I have ever worked with (NetScreen, PIX, ... Point really seems to be just one step ahead of firewall configuration hell ... OTOH, while PDM isn't some earth shattering entry into GUI management, the ... if I have to agree that the PIX DHCP configuration is pretty convoluted, ...
      (Firewall-Wizards)
    • Re: VPN/IPsec Passthrough durch Cisco PIX
      ... Aus unserem LAN sollen die Mitarbeiter mit SAP GUI 7.10 per Cisco VPN ... Auf der PIX? ... Auf einem Geraet hinter der PIX? ...
      (de.comp.security.firewall)
    • Re: Nokia and CheckPoint or Cisco?
      ... Its' GUI is flaky ... the entire config back out to the PIX ... That's the last time I ever used PDM to make ... IP390 and keep CheckPoint, or whether to look at something like the Cisco ...
      (comp.security.firewalls)
    • Re: difference between netscreen x25 and cisco 515e
      ... configurable for experts that can use IOS instead of the GUI, ... company that doesn't want to learn a command line interface like IOS and ... > Netscreen is pretty weak compared to the PIX. ... Go to each website a look ...
      (comp.security.firewalls)