Eliyah,
Short answer is "deny all".
The PIX default behavior is defined by the PIX-specific Adaptive Security
Algorithm (ASA). ASA allows the PIX to define a security level (1-100) for
each interface. ASA by default allows devices inside the firewall (or on
an interface with a higher security level) to send traffic through
interfaces with lower security levels (i.e. the outside).
So if you are "inside" on a PIX connected network with level 100 you can
send traffic out to any interface and receive return traffic. If you are
on the outside (security level = 0) you cannot get in unless there is an
access list or conduit that allows your traffic.
You cannot turn ASA off.
If you want to bypass the PIX firewall you will need to either create a
permit all any any access control list to let traffic through; or remove
the PIX from the data path.
Regards,
Brian
At 08:20 AM 7/5/2001 -0700, [EMAIL PROTECTED] wrote:
>Date: Wed, 04 Jul 2001 17:05:35 -0500
>From: "Eliyah Lovkoff" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: PIX basic question
>
>I don't have experience with PIX but have some with Cisco routers.
>As long as I understand PIX uses access lists to block specific traffic.
>Most firewalls have by default 'deny everything' and then you have to
>permit (open) ports for specific traffic.
>What about PIX? Does it have 'deny all' or 'permit all' by default?
>
>P.S. I want to 'stop' PIX to see if that solves my communication problems...
>on Checkpoint I would use 'fwstop' to make sure that no traffic is
>blocked but I'm not sure how I can do the same on PIX....
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
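
A simplified model of the default policy described in the reply above, added here as an example; it is not part of the original thread and not Cisco code. The class names, the sample addresses and the way permit entries are represented are assumptions, and NAT, equal security levels and protocol details are left out.

```python
# Simplified model of the PIX default policy described in the reply above.
# Illustration only, not Cisco code: every name here is an assumption.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    src_if: str   # interface the first packet arrives on
    dst_if: str   # interface it would leave through
    src: str
    dst: str
    dport: int


@dataclass
class Firewall:
    levels: dict                                  # interface -> security level
    permits: list = field(default_factory=list)   # stand-ins for access list / conduit entries
    state: set = field(default_factory=set)       # connections already let through

    def allow_new(self, f: Flow) -> bool:
        # Higher level -> lower level passes by default. Anything else needs
        # an explicit permit. Equal levels are not covered in the reply and
        # are treated as "needs a permit" here (assumption).
        ok = self.levels[f.src_if] > self.levels[f.dst_if] or any(r(f) for r in self.permits)
        if ok:
            self.state.add(f)
        return ok

    def is_return_traffic(self, src_if, dst_if, src, dst, sport) -> bool:
        # A reply is accepted only when it mirrors a tracked connection.
        return Flow(dst_if, src_if, dst, src, sport) in self.state


def demo() -> dict:
    # Constructed sample addresses (RFC 1918 and documentation ranges).
    fw = Firewall({"inside": 100, "outside": 0})
    out = Flow("inside", "outside", "10.0.0.5", "198.51.100.7", 80)
    inbound = Flow("outside", "inside", "198.51.100.7", "10.0.0.5", 25)
    r = {
        "inside_to_outside": fw.allow_new(out),
        "reply_to_inside": fw.is_return_traffic("outside", "inside", "198.51.100.7", "10.0.0.5", 80),
        "unsolicited_reply": fw.is_return_traffic("outside", "inside", "198.51.100.7", "10.0.0.5", 443),
        "outside_to_inside": fw.allow_new(inbound),
    }
    fw.permits.append(lambda f: True)   # models the "permit all any any" list
    r["outside_to_inside_after_permit_all"] = fw.allow_new(inbound)
    return r
```

The last result shows the effect of the permit-all list: the outside-to-inside connection that was denied by default is now accepted.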