You can absolutely delete individual static and conduit commands (there's no
significance to the order of static commands).  You can only add conduits to
the end of the list, but they are processed on a best-match basis instead of
a first-match basis (even though the PIX docs imply otherwise), so it almost
always isn't an issue.  This all changes with access-lists, which *ARE*
order dependent, though you *CAN* delete individual access-list entries in
the PIX without deleting the entire list (unlike IOS routers).

To make changes to an access-list in a router or PIX without interrupting
security for too long, I add a completely new list that's essentially the
old list with my changes applied (via Wordpad or whatever and then
copy & paste).  When the new list is in and correct, just enter the new
access-group command, which will replace the old one.  You can then remove
the old access-list.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9436&t=9333
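
The changeover described in the post above, as an added example that is not part of the original message: a small Python helper that builds the command sequence for an IOS router (new list first, then the access-group swap, then removal of the old list). The list numbers, interface name, and addresses are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample: extended ACL 101, currently applied inbound on Serial0.
OLD_ACL = """\
access-list 101 permit tcp any host 192.0.2.10 eq www
access-list 101 permit tcp any host 192.0.2.25 eq smtp
access-list 101 deny ip any any
"""

def parse_entries(config, acl_id):
    """Entries of numbered list acl_id, in order, without the 'access-list N' prefix."""
    pat = re.compile(r"^access-list\s+%s\s+(.+)$" % re.escape(acl_id))
    return [m.group(1).strip() for line in config.splitlines()
            if (m := pat.match(line.strip()))]

def staged_swap(config, old_id, new_id, interface, direction,
                insert=None, delete=()):
    """Commands for the changeover: build the new list, re-point the
    access-group, and only then remove the old list.

    insert: {index: entry} placed before the old entry at that index
            (index == len(old list) appends). Order matters because
            access-lists are evaluated in order.
    delete: indexes of old entries to leave out of the new list.
    """
    if old_id == new_id:
        raise ValueError("new list needs its own id so the old one stays active")
    old = parse_entries(config, old_id)
    if not old:
        # A wrong id would produce an empty replacement list; refuse to swap.
        raise ValueError("no entries found for access-list %s" % old_id)
    insert = insert or {}
    entries = []
    for i, entry in enumerate(old):
        if i in insert:
            entries.append(insert[i])
        if i not in delete:
            entries.append(entry)
    if len(old) in insert:
        entries.append(insert[len(old)])
    cmds = ["access-list %s %s" % (new_id, e) for e in entries]
    cmds += ["interface %s" % interface,
             " ip access-group %s %s" % (new_id, direction),  # replaces the old binding
             "exit",
             "no access-list %s" % old_id]                    # old list removed last
    return cmds

if __name__ == "__main__":
    new_rule = "permit tcp any host 192.0.2.10 eq 443"
    print("\n".join(staged_swap(OLD_ACL, "101", "102", "Serial0", "in",
                                insert={2: new_rule})))
```

Review the generated lines before pasting them into the device; the old list stays bound to the interface until the `ip access-group` line is entered.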