[fw-wiz] PIX assessment

From: vulnerable (vulnerable_at_gmail.com)
Date: 09/26/05

To: firewall-wizards@honor.icsalabs.com
Date: Mon, 26 Sep 2005 06:43:56 -0700

    Hello all.

    I'm doing an assessment on the config of a PIX running 6.3. Not
    being much of a PIX expert, I have a few questions.

    From reading documentation it is my understanding that if you have
    traffic flowing from inside (higher security level) to dmz (lower
    security level) interface then you will not require either an ACL or a
    static statement permitting this. However, this particular config is
    declaring transparent statics that the documentation I've read says
    are unnecessary. Any reasons why they may be doing this? I'm going
    through a rather long config (3000+ lines), and running some Perl mojo
    I find that there are over 300 statics defined for addresses behind
    the inside interface. Useless? Something that perhaps the PDM does?

    Oh, I've also been trying to track down the latest rev of pixOS 6.3.
    Can't find it anywhere on Cisco's public site.

    Also, I've been using the enterastream documentation (1) as a
    reference. Is there anything else out there that is worth looking at?

    1) http://www.enterastream.com/whitepapers/cisco/pix/pix-practical-guide.html
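
One way to reproduce the count described in the post, as an added example (not the poster's Perl and not Cisco tooling): it assumes "transparent static" means an identity static, that is, a `static` whose mapped and real addresses are the same, and groups them by interface pair and security-level direction. The sample config is constructed, and the names `identity_statics` and `summarize` are illustrative.

```python
import re
from collections import Counter

# Constructed sample in PIX 6.3 syntax; names and addresses are illustrative.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
static (inside,dmz) 10.1.1.10 10.1.1.10 netmask 255.255.255.255 0 0
static (inside,dmz) 10.1.2.0 10.1.2.0 netmask 255.255.255.0 0 0
static (dmz,outside) 192.0.2.30 192.0.2.30 netmask 255.255.255.255 0 0
static (dmz,outside) 192.0.2.25 172.16.1.25 netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.0.2.80 www 10.1.1.80 www netmask 255.255.255.255 0 0
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)$")
# PIX 6.x form: static (real_ifc,mapped_ifc) [tcp|udp] mapped [port] real [port] ...
STATIC = re.compile(r"^static\s+\(([^,\s)]+)\s*,\s*([^)\s]+)\)\s+(.+)$")

def identity_statics(config):
    """Return (real_ifc, mapped_ifc, address) for statics that map an address to itself."""
    found = []
    for line in map(str.strip, config.splitlines()):
        m = STATIC.match(line)
        if not m:
            continue
        real_if, mapped_if, args = m.group(1), m.group(2), m.group(3).split()
        width = 1
        if args[0] in ("tcp", "udp"):  # port redirection carries ip+port pairs
            args, width = args[1:], 2
        mapped, real = args[:width], args[width:2 * width]
        if len(real) == width and mapped == real:
            found.append((real_if, mapped_if, " ".join(real)))
    return found

def summarize(config):
    """Count identity statics per interface pair, tagged with security-level direction."""
    levels = {m.group(1): int(m.group(2))
              for m in map(NAMEIF.match, map(str.strip, config.splitlines())) if m}
    counts = Counter()
    for real_if, mapped_if, _ in identity_statics(config):
        hi, lo = levels.get(real_if), levels.get(mapped_if)
        direction = ("unknown" if None in (hi, lo)
                     else "higher-to-lower" if hi > lo else "lower-or-equal")
        counts[(real_if, mapped_if, direction)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_CONFIG).items():
        print(n, *key)
```

Policy statics (`access-list`) and `interface` statics are never counted, because their mapped and real fields cannot match.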