On 14 Feb 2002 at 14:26, Rasmus Aaen wrote: > The access-list group for outbound connections ends with a "deny all" rule, > which is fine. But when I added the new rule, it was placed under the "deny > all" rule. So i had to remove the "deny all" rule and add it again to get > the order right. Is it possible to specify where a new rule should be placed > so I don't have to remove and add the "deny all" rule all the time?
What OS are you running? Under 4.x the order doesn't matter as you should be using a "deny all" with "except" rules to override the deny. With 5.x you can use the same syntax, and I still do. I haven't tried the newer syntax that matches the IOS access-list commands so I can't help there I'm afraid. Normally for outbound the PIX decides whether to allow the connection based on a "best fit" rather than the explicit ordering of the rules. > While telnet is probably ok when I get used to it, i've read in the manual > thar I can use a program called "PIX Firewall Manager (PFM)". Where can I > get this. I've tried searching cisco.com but to no avail. Can anybody give > me a hint to this? I tried PFM with 4.4 and it was a disaster. Apart from crashing regularly and not being able to read most of my config I couldn't get it to write back to the PIX. I've heard the new one for OS v6.x is much better but as I'm still using v5.3 I haven't tried it yet. To download it you will need CCO access to the Cisco site and log in - if you don't have CCO access then check your Cisco contract for details or the reseller your company bought the PIX from, my reseller set up my CCO access for me. Dan --- D.C. Crichton email: [EMAIL PROTECTED] Senior Systems Analyst tel: +44 (0)121 706 6000 Computer Manuals Ltd. fax: +44 (0)121 606 0477 Computer book info on the web: http://computer-manuals.co.uk/ Want to earn money? Join our affiliate network! http://computer-manuals.co.uk/affiliate/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
