The pix reorders or 'optimizes' certain types of rulesets then? Tghis is
interesting, and something I'm not used to having 'done for me'.
Question, if I'm reading this posting correctly, how far does the pix go
in 'optimizing' the rules given it? While I can see how this can be
somewhat of an asset, I also see how this could be an issue of clarity
when determing a config in the first place to say the least, depending
perhaps upon how much the pix reorders.
Thanks,
Ron DuFresne
On Sat, 7 Jul 2001, Claussen, Ken wrote:
> Sean Settle wrote
> "The answer would be yes, order matters on a PIX (examples use access-list
> configuration, but the same is true of conduits/outbound rulesets as well)."
>
> In the case of "Outbound/apply" statements (which Cisco recomends converting
> to access-list statements to maintain future compatability) the pix orders
> them by most specific match. "Show config" will list your config "as-is". A
> "Show Outbound" command will produce a list of your outbound statements as
> the Pix orders them. The order is optimized by the Pixes ASA which Brian
> discussed previously. HTH
>
> Ken Claussen MCSE CCNA CCA
> [EMAIL PROTECTED]
> "The Mind is a Terrible thing to Waste!"
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
