Rasmus Aaen wrote: > Is it nessecary to reload every time I make changes to the access lists? > This is a bit of a problem since the pix drops all connections when I reload > it. If I didn't have to reload it to apply the changes I could save a lot of > "late-night hours at the office" :-)
if you do a change to the acl, it should be active immediately. the problem are existing connections, hold at the session table. doing a "clear xlate" is like rebooting your firewall, all connections will be destroyed. you can wait. somewhere the existing connections will be finished. or the sm way: do a "sho conn", collect all existing connections breaking the new rules and kill every connection separately. dirk _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
