Search This Blog

Wednesday, September 05, 2007

firewall-wizards Digest, Vol 17, Issue 2

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Managing multiple Cisco Pix's (James Burns)
2. Do you permit X11 via proxy firewall? (ArkanoiD)


----------------------------------------------------------------------

Message: 1
Date: Wed, 05 Sep 2007 14:38:59 +0100
From: James Burns <james.burns@sunderland.ac.uk>
Subject: [fw-wiz] Managing multiple Cisco Pix's
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <46DEB173.6090802@sunderland.ac.uk>
Content-Type: text/plain; charset="iso-8859-1"

We're about to move from a pair of Cisco Pix 535's operating in an
active/standby configuration, to having two separate units with
unrestricted licences operating in an Active/Active configuration.

HOWEVER, we are not currently using multiple security contexts, so we
cannot enable failover between the two devices. In effect we are going
to end up with two separate devices, but that we will want to have
matching rulesets on. My question, therefore, is - what software is
available for managing multiple Pix units, and (if you've any experience
of it) is it any good?

Any help would be appreciated.

Kind regards,
James Burns
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3281 bytes
Desc: S/MIME Cryptographic Signature
Url : https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20070905/d02756cc/attachment-0001.bin


------------------------------

Message: 2
Date: Wed, 5 Sep 2007 19:37:36 +0400
From: ArkanoiD <ark@eltex.net>
Subject: [fw-wiz] Do you permit X11 via proxy firewall?
To: firewall-wizards@listserv.cybertrust.com
Message-ID: <20070905153736.GA9469@eltex.net>
Content-Type: text/plain; charset=us-ascii

And, if yes, how do you implement it?
Using legacy X11 proxies that perform uninspected (though authorized)
circuit relays, similar to TIS/NAI x-gw? Using something similar to
xorg's xfwp (which does not seem to be compatible with older X servers)?

Or is x11 firewall support just a useless tradition?


------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 17, Issue 2
***********************************************

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)