Re: [fw-wiz] DMZ traffic out to internet with PIX 515
- From: "Chris Wargaski" <cwargaski@xxxxxxxxxx>
- Date: Sat, 6 Jan 2007 14:20:43 -0600
You'll need to allow DNS queries outbound from the DMZ, too.
cjw
Christopher J. Wargaski
RMS Technology Solutions, Inc.
cwargaski@xxxxxxxxxx
(847) 215-1661 x223
-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Victor Williams
Sent: Fri 1/5/2007 6:27 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] DMZ traffic out to internet with PIX 515
You've got no access list entries allowing hosts in the DMZ1 segment
access out to the internet. Also, checking the log buffer on the PIX
will usually give you the culprit of what's causing your access issue if
you have it set up to do so...set the log to warning or higher and it
will show you what the culprit is.
What I believe you need is (at least for traffic to http and https
websites):
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 443
nat (DMZ1) 1 10.0.0.0 255.255.255.0
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
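The two replies above combined into one PIX configuration fragment, as an added example that is not part of the thread or the original poster's config. It assumes the interface names DMZ1 and outside, an ACL not already bound to DMZ1, and a matching global statement for NAT id 1; none of these are confirmed by the messages.

```cisco
: Added example, not from the thread. Lines starting with ":" are comments.
: Assumed: interfaces named DMZ1 and outside, DMZ subnet 10.0.0.0/24.

: Web traffic from the DMZ subnet (as in the quoted reply)
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 443

: DNS queries outbound (the point of the top reply).
: TCP 53 is included for responses too large for UDP.
: Where the resolvers are known, replace "any" with "host <resolver-ip>".
access-list dmz_out permit udp 10.0.0.0 255.255.255.0 any eq 53
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 53

: An access-list has no effect until it is bound to an interface.
: Assumption: no other access-group is already applied inbound on DMZ1;
: if one is, add the permit lines to that ACL instead.
access-group dmz_out in interface DMZ1

: Translate DMZ source addresses on the way out.
: The global line is an assumption: it uses the outside interface address
: (PAT) for NAT id 1 and is only needed if no global for id 1 exists.
nat (DMZ1) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface

: Keep ACL denies visible in the log buffer at warning level,
: as the quoted reply suggests for troubleshooting.
logging buffered warnings
```

Once the ACL is bound, its implicit deny drops all other traffic entering the DMZ1 interface, including DMZ-to-inside flows that are not listed. `show logging` displays the buffer when checking what is still being denied.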