I really hope you aren't trying to limit outbound traffic with a PIX
alone, because the short answer is YOU CAN'T.  I found this out the hard
way when conducting a security audit on a credit union using only a
Cisco PIX firewall to protect their inside machines and provide NAT.  
According to the Cisco techie I tracked down, the PIX wasn't designed to
provide bidirectional access controls, only inbound...

Just my .02...

-HD

http://nlog.ings.com            (like nmap?  try nlog!)
http://www.secureaustin.com     (it's coming...)



S Windhausen wrote:
> 
> Hi Simon, we got our PIX (520) about 4 months ago, and here is my opinion.
> 
> > We have recently purchased a PIX firewall and are in the process of
> > configuring it.
> >
> > What is the use of the GUI configuration tool?  Is it worth using?
> 
> The GUI install was easy (no gotchas that I can recall).  I tried using it,
> but help wasn't that helpful.
> 
> > How difficult is the command line language to learn with reasonable
> > experience configuring cisco routers?
> 
> I come from Security Administration, with no router configuration
> experience.  It took me a week to sift through the default config and
> understand how to configure the PIX.  Depending on your requirements,
> the line command was the easiest and fastest to implement.
> 
> Make sure you: 1) save your original config (write floppy); 2) fully
> understand nat; and 3) have a security policy in place.  Hope this helps.