Re: [fw-wiz] New to Cisco PIX/ ASA
- From: ArkanoiD <ark@xxxxxxxxx>
- Date: Mon, 6 Aug 2007 09:42:38 +0400
Being not a PIX expert, as I see no one answers, no, you do not need
a reverse rule if the protocol is known and does not require strange callbacks.
If it does, it is hard to say what your configuration looks like ;-)

On Wed, Aug 01, 2007 at 06:41:53PM -0400, Keith A. Glass wrote:
I've managed Gauntlets, Checkpoints, Netscreens, and SonicWalls in the
past.
I'm a bit confused with the ins and outs of the ASA firewalls.
I'm setting up an HA pair, my Eth0/0 is my interior interface, trust
level 100, Eth 0/1 and 0/2 are my IP and State heartbeats, and Eth 1/0
is my external interface, trust level 1.
Am I correct in my understanding that if I want two-way traffic,
traffic is not blocked to a lower trust level, so I need only write a
rule to pass the traffic between the endpoints from the external
interface to the internal interface, and the reply traffic is taken
care of ?? Or do I have to write a reverse rule, from the internal
interface to the external as well ???
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
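
The behaviour discussed in this thread, as a simplified model added here (it is not part of the original messages and not Cisco's implementation): one rule on the external interface admits the connection, the reply matches the connection table, and a separate connection opened back from outside is treated as new. The `Firewall` class, addresses and ports are constructed for illustration; the security levels are the ones given in the question.

```python
# Simplified model of ASA-style stateful filtering (added illustration, not Cisco code).
# Interface names, addresses and ports are constructed for this example.
LEVELS = {"inside": 100, "outside": 1}  # security levels from the question

class Firewall:
    def __init__(self, acl_in):
        self.acl_in = acl_in  # {interface: set of permitted (src, dst, dport)}
        self.conns = set()    # connection table: (src, sport, dst, dport)

    def handle(self, in_if, out_if, src, sport, dst, dport):
        """Return why a packet is passed ('established', 'acl',
        'security-level') or 'deny'."""
        # 1. Packet belongs to a tracked connection, in either direction.
        if (src, sport, dst, dport) in self.conns:
            return "established"
        if (dst, dport, src, sport) in self.conns:
            return "established"  # reply traffic: no reverse rule consulted
        # 2. New connection: an ACL bound inbound on the ingress interface decides.
        if in_if in self.acl_in:
            allowed = (src, dst, dport) in self.acl_in[in_if]
            reason = "acl"
        else:
            # 3. No ACL on that interface: higher -> lower level passes by default.
            allowed = LEVELS[in_if] > LEVELS[out_if]
            reason = "security-level"
        if not allowed:
            return "deny"
        self.conns.add((src, sport, dst, dport))
        return reason

def demo():
    # Single rule on the external interface: client -> internal server, port 443.
    fw = Firewall({"outside": {("198.51.100.7", "10.0.0.5", 443)}})
    return [
        # Outside client opens the permitted connection.
        fw.handle("outside", "inside", "198.51.100.7", 40000, "10.0.0.5", 443),
        # Server's reply leaves via the connection table.
        fw.handle("inside", "outside", "10.0.0.5", 443, "198.51.100.7", 40000),
        # Inside host initiates outbound with no ACL on the inside interface.
        fw.handle("inside", "outside", "10.0.0.5", 51000, "198.51.100.7", 80),
        # Separate connection opened back from outside (a protocol "callback"):
        # it is not a reply to anything tracked, so it needs its own handling.
        fw.handle("outside", "inside", "198.51.100.7", 20, "10.0.0.5", 51001),
    ]

if __name__ == "__main__":
    print(demo())
```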