Title: Checkpoint firewall objects.

We have recently added a second subnet needing to be accessed by our Checkpoint 4.0 firewall. So far we have not been able to make the objects exportable successfully. The subnet (192.168.13.x) is across a frame relay (12 channels) connection and an intermediate private (192.168.14.x) network. Network traffic behind the firewall works correctly; however, the objects we have defined in the firewall cannot be reached from the outside. My partner in crime does not believe we need the ARP entries like we do for objects on the local (192.168.11.x) subnet; I think we do. However, we have still had a problem after adding the entries. I have tried Checkpoint's site, but we could not find our username and password and the "Public" info did not contain this level of info. Has anyone else tried to make objects on remote subnets exportable? We want to route mail and web traffic over there, but so far it has not worked. All suggestions would be appreciated.

Ken Claussen MCSE CCA CCNA
[EMAIL PROTECTED]
"The mind is a terrible thing to waste!"


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Brian Ford
Sent: Monday, October 23, 2000 9:13 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Harderning Cisco PIX Firewall??


mssjim,

The PIX firewall (as well as our NetRanger IDS and much of our CiscoSecure line of products) uses a Cisco proprietary operating system. So when you ask about "hardening" the device, and I take that to mean you want to check for and address any weaknesses in the underlying operating system, that has already been done.

I suggest you read the product documentation, particularly the section about the Adaptive Security Algorithm (or ASA) in the PIX.  That will give you some insight into what the PIX does by default.  You can then implement your particular security policies from there.

Regards,

Brian

You wrote:

Could anybody tell me how I can harden the PIX Firewall? Does any
document mention this issue?

Thanks

Brian Ford
[EMAIL PROTECTED]
