Re: Protecting PIX Firewall at the Perimeter Router

From: rsavage@nandomedia.com
Date: 11/05/02


Date: Tue, 5 Nov 2002 13:42:19 -0500 (EST)
From: <rsavage@nandomedia.com>
To: Naman Latif <naman.latif@inamed.com>

Yes, snmp for one. Then you might consider services you don't/won't ever
need to be seen from the internet (like sun rpc services, any type of
network back services, application service ports, etc.)

If you only need something like port 80 open, then map out a way to only
allow that port opened. You can also build ACLs for other remote networks
to limit who accesses what.

I really can't give you more info since I am not sure what your network
setup is like.

-Rory

On Mon, 4 Nov 2002, Naman Latif wrote:

> Hi All,
>
> I wanted some suggestions\practical experiences for protecting a
> Firewall wall at the Perimeter Router Level.
>
> We have a PIX Firewall connected to our Cisco Router, which is connected
> to the Internet. Should there be any IOS Firewall Rules in the Router,
> other than blocking Telnet,FTP etc to the Firewall itself ?
>
> PIX will be doing NAT, protecting DMZ machines, and IPSec connections.
>
> Regards \\ Naman
>