[fw-wiz] PIX assessment

From: vulnerable (vulnerable_at_gmail.com)
Date: 09/26/05

Next message: Devdas Bhagat: "Re: [fw-wiz] The home user problem returns"

Previous message: Mike Bydalek: "Re: [fw-wiz] Different Authentication For vpngroups On PIX"
Next in thread: Nate Itkin: "Re: [fw-wiz] PIX assessment"
Reply: Nate Itkin: "Re: [fw-wiz] PIX assessment"
Reply: Paul Melson: "RE: [fw-wiz] PIX assessment"
Reply: Mike Meredith: "Re: [fw-wiz] PIX assessment"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Mon, 26 Sep 2005 06:43:56 -0700

hello all.

I'm doing an assessment on the config of a pix running 6.3. Me not
being much of a pix expert have a few questions.

From reading documentation it is my understanding that if you have
traffic flowing from inside (higher security level) to dmz (lower
security level) interface then you will not require either an ACL or a
static statement permitting this. However, this particular config is
declaring transparent static's that the documentation I've read says
is unnecessary. Any reasons why they may be doing this? I'm going
through a rather long config (3000+ lines), and running some perl mojo
I find that there are over 300 statics defined for addresses behind
the inside interface. Useless? Something that perhaps the PDM does?

Oh, I've also been trying to track down the latest rev of pixOS 6.3.
Can't find it anywhere on cisco's public site.

Also, I've been using the enterastream documentation (1) as a
reference, is there anything else out there that is worth looking at?

1) http://www.enterastream.com/whitepapers/cisco/pix/pix-practical-guide.html
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Devdas Bhagat: "Re: [fw-wiz] The home user problem returns"

Previous message: Mike Bydalek: "Re: [fw-wiz] Different Authentication For vpngroups On PIX"
Next in thread: Nate Itkin: "Re: [fw-wiz] PIX assessment"
Reply: Nate Itkin: "Re: [fw-wiz] PIX assessment"
Reply: Paul Melson: "RE: [fw-wiz] PIX assessment"
Reply: Mike Meredith: "Re: [fw-wiz] PIX assessment"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Sphinx 0.6 and 0.5.2, beta 1, released
... I'm proud to announce the release of Sphinx 0.6b1 and 0.5.2b1. ... see the new section in the documentation. ... The new config value ``rst_epilog`` can contain reST that is ... Autodoc now handles documented attributes. ...
(comp.lang.python.announce)
Sphinx 0.6.1 and 0.5.2 released
... I'm proud to announce the release of Sphinx 0.6.1 and 0.5.2. ... see the new section in the documentation. ... The new config value ``rst_epilog`` can contain reST that is ... Autodoc now handles documented attributes. ...
(comp.lang.python.announce)
Re: ld65 questions - overlays etc.
... This also seems to be missing from the documentation and what I ... The config files bring the flexibility which make ld65 such a great ... For beginners you have the built-in linker configurations. ...
(comp.sys.apple2.programmer)
Re: Do you think this is a server issue or other?
... My dog hoards his toys too. ... Ask him to create a complete infrastructure documentation including ... configuration, VPN config, the ... way nothing is hidden all assets lists and configs are documented. ...
(microsoft.public.windows.server.sbs)
Cellcore testing via CETK
... I've got another informational post here... ... To run the tests you need to have the config files ... the documentation but not referenced:-D ... B364-45ec-8421-5ACF34129C58} for the CSD data transfer test. ...
(microsoft.public.windowsce.platbuilder)