Thursday, March 17, 2011

firewall-wizards Digest, Vol 56, Issue 3

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: PIX 515 7.1 vs: 8.0 (Kevin Horvath)


----------------------------------------------------------------------

Message: 1
Date: Tue, 15 Mar 2011 16:07:49 -0400
From: Kevin Horvath <kevin.horvath@gmail.com>
Subject: Re: [fw-wiz] PIX 515 7.1 vs: 8.0
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<AANLkTinmK37+YspjyrsX5ZVX=7-RaO42D3zac0D15D2c@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

1) enable local buffer logging, manually add a host with IP on the
inside, then try to access something on the internet, and view your
logs for errors, view your connection table "show conn det", and your
xlate table to see where the issue is.

2) add a default route to the outside interface, everything else
appears directly connected so you don't need routes for those (you can
verify your route table with "sh route").

3) as someone mentioned, looks like you have dhcpd enabled for the dmz
and vonage interfaces and not the inside. Add an entry for the inside
as well.

On Sat, Mar 12, 2011 at 12:54 AM, Christopher J. Wargaski
<wargo1@gmail.com> wrote:
> Hey Brian--
> Configuration-wise you should have no problems with 8.0 if you know 7.1.
> You appear to have NAT configured correctly. Your ACLs look good too. What
> I do not see are any route statements--do you have a default route set?
> Also, you should increase the message-length maximum to 4096 given the
> rollout of DNSsec.
>
> cjw
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
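
The three steps in the reply above, plus the DNS message-length change from the quoted message, written out as PIX 8.0 commands. This is an added example, not part of the original post or the poster's configuration; the interface names come from the thread, while the next-hop address and the DHCP range are constructed placeholders, and the DNS stanza assumes the default preset_dns_map inspection map is in use.

```cisco
! Added example: addresses below are constructed placeholders, not from the thread.
!
! Step 1: log to the local buffer, then reproduce the failure from an inside host
logging enable
logging buffered debugging
!
! After the test, from exec mode: read the buffer and the state tables
show logging
show conn detail
show xlate
!
! Step 2: default route through the outside interface
! (192.0.2.1 is a placeholder for the upstream gateway)
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
show route
!
! Step 3: DHCP scope for the inside interface
! (placeholder range; it must fall within the inside interface's own subnet)
dhcpd address 192.168.1.100-192.168.1.150 inside
dhcpd enable inside
!
! DNS inspection limit from the quoted reply
! (assumes the default preset_dns_map is the map applied to DNS inspection)
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 4096
```

Once the fault is found, lower the buffered logging level again, since debugging-level output quickly overwrites the buffer on a busy firewall.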


------------------------------


End of firewall-wizards Digest, Vol 56, Issue 3
***********************************************