Re: Cisco pix configuration.

Fri, 15 Oct 1999 23:56:44 -0700 

Wrong answer my friend.
You can very easily filter outbound traffic with the PIX with an ACL
statement such as "outbound 11 deny 2xx.yyy.000 255.255.255.0 80 tcp" for
example.

-GMO-

----------
>From: H D Moore <[EMAIL PROTECTED]>
>To: S Windhausen <[EMAIL PROTECTED]>
>Cc: [EMAIL PROTECTED]
>Subject: Re: Cisco pix configuration.
>Date: Fri, Oct 15, 1999, 11:45 AM
>

> I really hope you arent trying to limit outbound traffic with a PIX
> alone, because the short answer is YOU CANT.  I found this out the hard
> way when conducting a security audit on a credit union using only a
> Cisco PIX firewall to protect their inside machines and provide NAT.
> According to the Cisco techie I tracked down, the PIX wasn't designed to
> provide bidirectional access controls, only inbound...
>
> Just my .02...
>
> -HD
>
> http://nlog.ings.com  (like nmap?  try nlog!)
> http://www.secureaustin.com (its coming...)
>
>
>
> S Windhausen wrote:
>>
>> Hi Simon, we got our PIX (520) about 4 months ago, and here is my opinion.
>>
>> > We have recently purchased a PIX firewall and are in the process of
>> > configuring it.
>> >
>> > What is the use of the GUI configuration tool?  Is it worth using?
>>
>> The GUI install was easy (no gotchas that I can recall).  I tried using it,
>> but help wasn't that helpful.
>>
>> > How difficult is the command line language to learn with reasonable
>> > experience configuring cisco routers?
>>
>> I come from Security Admininstration, with no router configuration
>> experience.  It took me a week
>> to sift through the default config and understand how to configure the PIX.
>> Depending on your
>> requirements, the line command was the easiest and fastest to implement.
>>
>> Make sure you: 1) save your original config (write floppy) 2) fully
>> understand nat; and 3) have a security
>> policy in place.  Hope this helps.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to