Re: [fw-wiz] DMZ traffic out to internet with PIX 515



You'll need to allow DNs queries outbound from the DMZ, too.



cjw

Christopher J. Wargaski
RMS Technology Solutions, Inc.
cwargaski@xxxxxxxxxx
(847) 215-1661 x223



-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Victor Williams
Sent: Fri 1/5/2007 6:27 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] DMZ traffic out to internet with PIX 515

You've got no access list entries allowing hosts in the DMZ1 segment
access out to the internet. Also, checking the log buffer on the PIX
will usually give you the culprit of what's causing your access issue if
you have it set up to do so...set the log to warning or higher and it
will show you what the culprit is.

What I believe you need is (at least for traffic to http and https
websites):

access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 443
nat (DMZ1) 1 10.0.0.0 255.255.255.0



<<winmail.dat>>

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards