RE: [Full-Disclosure] PIX vs CheckPoint

• Previous message: Edge, Ronald D: "RE: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?"
• Maybe in reply to: Darkslaker: "[Full-Disclosure] PIX vs CheckPoint"
• Next in thread: Abraham, Antony (Cognizant): "RE: [Full-Disclosure] PIX vs CheckPoint"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Cyril Guibourg" <plonk-o-matic@teaser.fr>, "Otero, Hernan (EDS)" <HOtero@lanchile.cl>
Date: Wed, 30 Jun 2004 15:41:26 -0400

That is odd. When dealing with a Pix firewall, no traffic can go out an interface without some sort of translation statement.

Even the default configuration has this:

     nat (inside) 1 0.0.0.0 0.0.0.0 0 0

There must be either a static or dynamic translation statement in your configuration.

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Cyril Guibourg
Sent: Wednesday, June 30, 2004 2:18 PM
To: Otero, Hernan (EDS)
Cc: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] PIX vs CheckPoint

"Otero, Hernan (EDS)" <HOtero@lanchile.cl> writes:

> I think you do, because at least a nat 0 itīs needed to get traffic passing
> through the pix.

This is odd, I do have a running config under 6.2 without any nat statement.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@oxygen.com and destroy all electronic and paper copies of this e-mail.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Edge, Ronald D: "RE: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?"
• Maybe in reply to: Darkslaker: "[Full-Disclosure] PIX vs CheckPoint"
• Next in thread: Abraham, Antony (Cognizant): "RE: [Full-Disclosure] PIX vs CheckPoint"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]