Internet          Internet   Internet
   |                 |          |
VPN Concentrator  Firewall   Firewall--VPN
Standard answer: it depends.
Followed immediately by the standard question: what problem are you
trying to solve?
The VPN Concentrator does not firewall or filter; it is a specialized
tunnel termination device. You may (emphasis on may) need to use it
when you are terminating more than about
of
the capabilities of the PIX however, so if you need a true firewall I'd go
with a firewall (not necessarily a PIX, I personally think they suck, go
with a Check Point).
Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071
: Re: RE: Slow Browsing via 500 Pix firewall [7:74583]
Is the problem related to a slow initial connection to a Web Server? If so
then it could be an IDENT protocol problem (TCP port 113 connection coming
back to you from the server). Try putting service resetoutside on the PIX
and see
: Faisal [mailto:[EMAIL PROTECTED]
Sent: Monday, 1 September 2003 3:38 PM
To: [EMAIL PROTECTED]
Subject:Slow Browsing via 500 Pix firewall [7:74583]
Hi All,
I am having problem of slow or intermittent browsing through pix firewall. If
I bypass the traffic speeds are fine. But if all
Technician
GigaVelocity.com
- Original Message -
From: Jurkouich, Brett, CNTR, DCAA
Reply-To: Jurkouich, Brett, CNTR, DCAA
To: [EMAIL PROTECTED]
Subject: RE: Slow Browsing via 500 Pix firewall [7:74583]
Date: Tue, 2 Sep 2003 18:20:06 GMT
Try turning off the port 80 inspecting with the no fixup
Try turning off the port 80 inspecting with the no fixup protocol http
80 command
-Original Message-
From: Faisal [mailto:[EMAIL PROTECTED]
Sent: Monday, September 01, 2003 1:38 AM
To: [EMAIL PROTECTED]
Subject: Slow Browsing via 500 Pix firewall [7:74583]
Hi All,
I am having problem
Sent: 02 September 2003 19:20
To: [EMAIL PROTECTED]
Subject: RE: Slow Browsing via 500 Pix firewall [7:74583]
Try turning off the port 80 inspecting with the no fixup protocol http
80 command
-Original Message-
From: Faisal [mailto:[EMAIL PROTECTED]
Sent: Monday, September 01, 2003 1:38
Hi All,
I am having problem of slow or intermittent browsing through pix firewall. If
I bypass the traffic speeds are fine. But if all that traffic is going via
firewall then it becomes extremely slow. Please anybody can help me how to
sort this out.
Regards
Faisal
Message Posted at:
http
Richard Campbell wrote:
Thanks so much.. I think most of the company will get the worm bcoz of the
laptop mobile user, they connect to net from their home and infected by the
worm as there is no personal firewall on the laptop and then they connect to
office network and infect others
Thanks so much.. I think most of the company will get the worm bcoz of the
laptop mobile user, they connect to net from their home and infected by the
worm as there is no personal firewall on the laptop and then they connect to
office network and infect others. How about blocking switch port
Hi.. My friends told me other than the microsoft patches can prevent
Blaster virus , a firewall and blocking switch ports can block the virus
too. Is there any configuration need to be added in my PIX and Cisco switch
ports in order to block them? If yes, is there any example?? But I don't
/default.aspx?kbid=826955
Vijay Ramcharan
-Original Message-
From: Richard Campbell [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2003 3:47 AM
To: [EMAIL PROTECTED]
Subject: how does firewall switch port block Blaster virus? [7:74092]
Hi.. My friends told me other than
Richard Campbell wrote:
Hi.. My friends told me other than the microsoft patches can prevent
Blaster virus , a firewall and blocking switch ports can block the virus
too. Is there any configuration need to be added in my PIX and Cisco switch
ports in order to block them? If yes
Message-
From: Richard Campbell [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2003 3:47 AM
To: [EMAIL PROTECTED]
Subject: how does firewall switch port block Blaster virus? [7:74092]
Hi.. My friends told me other than the microsoft patches can prevent
Blaster virus , a firewall
Richard Campbell wrote:
Hi.. My friends told me other than the microsoft patches can prevent
Blaster virus , a firewall and blocking switch ports can block the virus
too. Is there any configuration need to be added in my PIX and Cisco switch
ports in order to block them? If yes
doesn't seem to specify whether it will affect the
firewall config or not. I wouldn't assume that it would but we all know
what we get when we assume
Bruce Fyfe, Network Engineer
LAKESIDE INDUSTRIES
(425) 313-2600
[EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form
the upgrade. Can I simply send the binary via TFTP? The
Cisco documentation doesn't seem to specify whether it will affect the
firewall config or not. I wouldn't assume that it would but we all know
what we get when we assume
Od: Mariusz T.
Temat: Re: Upgrading PDM on a PIX firewall [7:70261
seem to address
specifically the upgrade. Can I simply send the binary via TFTP? The
Cisco documentation doesn't seem to specify whether it will affect the
firewall config or not. I wouldn't assume that it would but we all know
what we get when we assume
Bruce Fyfe, Network Engineer
Charles/Mark,
No infinite wisdom I'm afraid - just my £0.2.
Is it because the statements below effectively do nothing due to the fact
the statement 2 undoes what statement one has just done ?
[or have I missed the point.]
1)alias (inside) SERVERA_DMZ SERVERA_OUTSIDE 255.255.255.255
2)alias
255.255.255.255 0 0
I don't have a 3-interface pix to test these possible solutions on, so I
can't say for certain that I'm correct. :(
-Mark
-Original Message-
From: Richard Botham [mailto:[EMAIL PROTECTED]
Sent: Monday, June 02, 2003 7:12 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX Firewall 6.2.2
Fellows -
I have a scenario here,
I have a PIX firewall with 3 Interfaces , Inside, Outside and DMZ.
Machines on the Inside Interface can access Server on DMZ Zone, no problem,
I have to facilitate limited access from DMZ zone Servers to Host on Inside
Interface.
Let take an example,
I have
: Curious [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 11:26 AM
To: [EMAIL PROTECTED]
Subject: PIX Firewall --- DMZ to Inside Access [7:69877]
Fellows -
I have a scenario here,
I have a PIX firewall with 3 Interfaces , Inside, Outside and DMZ.
Machines on the Inside Interface can access
To: [EMAIL PROTECTED]
Subject: PIX Firewall --- DMZ to Inside Access [7:69877]
Fellows -
I have a scenario here,
I have a PIX firewall with 3 Interfaces , Inside, Outside and DMZ.
Machines on the Inside Interface can access Server on DMZ Zone, no problem,
I have to facilitate limited access from
Hi, all,
I have a problem that is making me scream and shout, gonna knock myself out.
It has to do with my PIX firewall configuration.
The long and short of my problem is that the inside network can only reach
inside hosts and outside networks: it can not reach any host on the DMZ,
despite
:22 AM
To: [EMAIL PROTECTED]
Subject: PIX Firewall 6.2.2 Inside network can not reach DMZ hosts
[7:69756]
Hi, all,
I have a problem that is making me scream and shout, gonna knock myself out.
It has to do with my PIX firewall configuration.
The long and short of my problem is that the inside
Hi all,
I protected my system by using PIX 515 and all my system and Network behind
that PIX,
I am trying to configure my PIX to allow the voice chat to allow my internal
users to talk with external people using MSN and Yahoo messenger Voice chat
service...
Actually I failed to get it up
Can
While I agree that by compromising the switch, the intruder can bypass the
firewall, I don't feel that it is of significant concern to warrant the
purchase of an additional switch to separate the two.
The big drive here is that you must secure your switch at L2, and if you do
so, I feel
Hi.
I usually separate firewall zone with different physical LAN in different
switches.
What do you think of separating firewall zone with VLANs in the same
switch/chassis?
Paulo
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65938t=65938
On Fri, 21 Mar 2003, Paulo Roque wrote:
I usually separate firewall zone with different physical LAN in different
switches.
What do you think of separating firewall zone with VLANs in the same
switch/chassis?
Generally a very bad idea! I fully agree with physical separation.
Because if it's
, is that we 'twin'
each port -
an on site tech wanting to work on the thing plugged in to port 1 on the cat
1924 knows
he can just hook his laptop to port 11 and he is on the same segment.
Andrew Dorsett wrote:
On Fri, 21 Mar 2003, Paulo Roque wrote:
I usually separate firewall zone with different
:[EMAIL PROTECTED]
I have a cisco 2611 router/firewall that I need to open up for http:
traffic. I need to configure NAT to point to the static IP on the web
server. How do I do this? What are the specifics?
Thanks
Ken
Message Posted at:
http://www.groupstudy.com/form/read.php?f
on firewall... [7:65755]
OK...I got to the point of issuing this command (ip route 2.2.2.2
255.255.255.255 ethernet 0) at the configure prompt and got:
Internet(config)#ip route 216.224.32.195 255.255.255.240 ethernet 0
% Incomplete command.
Any recommendations???
Thanks
Ken
Robert Edmonds wrote
I have a cisco 2611 router/firewall that I need to open up for http:
traffic. I need to configure NAT to point to the static IP on the web
server. How do I do this? What are the specifics?
Thanks
Ken
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65755t=65755
2611 router/firewall that I need to open up for http:
traffic. I need to configure NAT to point to the static IP on the web
server. How do I do this? What are the specifics?
Thanks
Ken
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65763t=65755
Dear ALL;
Anybody may help regarding how to configure 1721 Cisco router (Internet
Router) as a firewall if that router contains just an Ethernet port and
one BRI ISDN WAN BRI0 connectivity to Internet.
Do we need a natting to be to setup on both interfaces ETHER AND BRI.
A Sample is preferred
I am trying to setup a site to site VPN between a PIX running 6.2.1 and
Symantec Firewall 7.0. It is not making it past IKE and just keeps looping
the IKE phase. It matches a policy and then loops over again. In the show
crypto isakmp sa output, I get hundreds of QM_IDLE and every few seconds
Hi Robert,
Your first static line wont work .. if you think about it, you will be
trying to pass an IP address (which the pix thinks is on the inside
interface), in from the outside interface. The Pix will see this as
spoofing and drop the packet.
What are you trying to achieve ?
Robert
Can the following be done??
Inside int: 10.1.1.0
outside int: 172.16.1.0
static (inside, outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.155
static (inside, outside) tcp 10.1.1.1 telnet 207.208.203.21 telnet netmask
255.255.255.255
Since these are overlapping, will it work? Thx
Ask wrote:
Dear all,
Inbound ICMP packets send to my windows 2000 professional PC from the
router. From the logfile, the local address is 224.0.0.2 and the remote
address is the router.
Why the PC get the packet ?
It's a multicast. All devices in the broadcast (multicast) domain will
It's multicast for all routers. See
http://www.iana.org/assignments/multicast-addresses
Charles
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 11:24 AM
To: [EMAIL PROTECTED]
Subject: RE: Firewall blocked 224.0.0.2 [7:64236]
Ask wrote
Dear all,
Inbound ICMP packets send to my windows 2000 professional PC from the
router. From the logfile, the local address is 224.0.0.2 and the remote
address is the router.
Why the PC get the packet ?
Thanks.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64236t=64236
Hi,
I have 10 different VPN tunnels from my Pix520 firewall (500Mhz PIII and 256MB of
RAM) to other Firewalls (Pix and Checkpoint) and Cisco VPN Concentrators. At
the moment, all of the tunnels are using 3des, sha and DH group 2 in phase 1. In
phase 2, I use 3des and sha1. For security
Dear All,
I believe some one always try hacking my private network,
I got the ip address and how am I check who they are?
Please help...!! Thanks
Rgds,
Steiven
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64064t=64064
--
Dear All,
I believe some one always try hacking my private network,
I got the ip address and how am I check who they are?
Please help...!! Thanks
Rgds,
Steiven
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64063t=64063
--
Try NSLOOKUP and WHOIS query . It will tell you either a customer info or a
Service provider Block. If it tells you about Service provider then you
should contact this provider and send them a log, let them know that one of
their customers is trying to hack into your network.
They will definitely take
PROTECTED]
Subject: Urgent Help !! How to check who's always attack my firewall
[7:64064]
Dear All,
I believe some one always try hacking my private network,
I got the ip address and how am I check who they are?
Please help...!! Thanks
Rgds,
Steiven
Message Posted at:
http://www.groupstudy.com/form
Finally a question i can help with...
goto http://www.uwhois.com
regards,
odus
Original Message Follows
From: Steiven Poh-(Jaring MailBox)
Reply-To: Steiven Poh-(Jaring MailBox)
To: [EMAIL PROTECTED]
Subject: Urgent Help !! How to check who's always attack my firewall
[7
Dear All,
I believe some one always try hacking my private network,
I got the ip address and how am I check who they are?
Please help...!! Thanks
Rgds,
Steiven
If they're being blocked at your firewall it may best to just leave
them alone. I don't know if it's very helpful to try to track
You are looking to do a DNS look-up.
Example:
DNS lookup command issued. Waiting for reply...
Office host name: w14.www.dcn.yahoo.com
Internet address: 216.109.125.67
DNS lookup command completed.
If the DNS look-up does not work, look in to finding
someone with SolarWinds software.
: Thomas Larus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 9:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Firewall/PIX help [7:63167]
Sonic Wall Firewalls can do some content filtering and there is an antivirus
option you can get. No IDS, though. Pix has a rudimentary IDS, as has been
s:[EMAIL PROTECTED]...
Hi,
I'm looking for firewall solution for my company, we
have two WAN connections and currently my users are
connected thru two proxy m/c to Internet.
Which PIX model would serve the needs.
I also need content filtering, Intrusion detection
and Anti-virus pr
The PIX does have IDS capabilities, but very rudimentary. no anti-virus or
content filtering.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63296t=63167
--
FAQ, list archives, and subscription info:
I thought the PIX can do content filtering if hooked up with websense?
Doesn't it use WCCP to do this.
Sonicwall says it can do inbuilt anti-virus, content filtering. But it looks
like its a subscription based service so it's not really your firewall doing
these functions.
-Original Message
looking for firewall solution for my company, we
have two WAN connections and currently my users are
connected thru two proxy m/c to Internet.
Which PIX model would serve the needs.
I also need content filtering, Intrusion detection
and Anti-virus protection on firewall itself.
Hi,
I'm looking for firewall solution for my company, we
have two WAN connections and currently my users are
connected thru two proxy m/c to Internet.
Which PIX model would serve the needs.
I also need content filtering, Intrusion detection
and Anti-virus protection on firewall itself
Network OperationsSonic.net, Inc.
707.522.1000 2260 Apollo Way
707.547.2199 (FAX) Santa Rosa, CA 95407
- Original Message -
From: Hitesh Pathak R
To:
Sent: Thursday, February 13, 2003 11:21 PM
Subject: VPN Cisco Secure PIX Firewall [7:63013]
Dear Group
Dear Group,
Need some info on establishing site-2-site VPN using Cisco secure 525 PIX
firewall. Can some body forward some url or sample config on the same.
Many thnx in advance
Thanks
Hitesh
DISCLAIMER:
Information contained and transmitted by this E-MAIL is proprietary to
Wipro Limited
Hello
Could you please tell me in the PIX Cisco firewall their clients need to be
firewall clients or not?
Hanan
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62746t=62746
Hello
Could you please tell me in the PIX Cisco firewall their clients need to be
firewall clients or not?
Hanan
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62761t=62761
hanan wrote:
Hello
Could you please tell me in the PIX Cisco firewall their clients need to be
firewall clients or not?
PIX isn't a client/server architecture. Firewalls generally aren't. The term
firewall client isn't used usually.
PIX is a network firewall that protects an inside
Hello groupies,
I was reading the PIX book and it apparently said that the no. of connection
supported by a PIX firewall (higher order) is 500,000. Does this mean that
upto 500,000 sessions can be established or something else? If so, what do I
do if I have a throughput of say 2 million users
I believe that if you check the Cisco website or documentation, you will see
that it defines a session as a single TCP or UDP connection. If somehow you
had 2M users, yet their total number of sessions never exceeded 500K, then
your firewall could handle 2M users. I am not addressing performance
These are TCP and UDP connections. Keep in mind that PIX must keep a state
table for these connections so that's probably where it gets the limit from.
I really can't see how you could have 2 million users internally going
through 1 firewall so I assume you mean 2 million people hitting a webserver
. These
2 boxes are simple firewalls. I would like to upgrade to at least 525's (not
to mention a beefier router) or just a REALLY beefy router running firewall
IOS but, alas, it's not in the budget this year so I chug right along with
my 515's doing exactly what I need them to. If you're not running
To all,
I have received an email from Brantley Coile, one of the two co-developers of
the PIX firewall, congratulating me on my book. He kindly sent me
information about the development of the PIX and its subsequent sale to
Cisco. If you would like to see the entire story, please visit this link
Cool.
Richard Deal wrote in message
news:[EMAIL PROTECTED]...
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62540t=62512
First of all, what version of Pix OS are you running?
I have a similar setup like yours with a franken pix firewall between
an Oracle9i Server running on Linux and an Oracle9i Client running on
a windows 2k machine.
I am running version 6.3(0) build 131 on my franken pix firewall and
it works
I have a PIX firewall between a oracle server and a client.
The client always start a connection on port 1521 on the server.
The server always send a port redirect to the client informing the client to
start a new connection on second port.
This second port is always random, what makes me
Hi all,
I have a Checkpoint FW-1 and a VPN concentrator in a new design.
Where is the best place to put the VPN concentrator related to firewall?
a) before the firewall (in the outside network)
b) after the firewall(in the inside network)
c) in parallel with the firewall
d
Inside the firewall. I haven't worked with the concentrators before, but
have used Cisco router for RAS VPN. All it needs is one interface for this
function, real nice. Putting it behind FW ensures only stateful TCP sessions
are used and protects it from outsiders.
Paulo Roque wrote in message
You may want to consider the concentrator in a dual DMZ scenario. The
benefit of putting it in a dual DMZ scenario is not only can you control the
outside access, you can also control the resources a remote can see in the
inside once a tunnel is established. If you place it behind the firewall
Hello
I think you did not open port on pix to send log information to server
when you install pfss software it shows what ports it is using on TCP and
UDP check it and modify this command on pix
logging host inside 192.168.11.254 tcp/the port number
by default is uses 1468
but some time it use
If it wasn't for those Crappy Windows machines, we would have jobs.
-Original Message-
From: d tran [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 25, 2003 9:18 PM
To: [EMAIL PROTECTED]
Subject: Re: How to stop SYN Flood with Pix firewall? [7:61891]
I am not sure how many Packets
using a real
syslog server on a Freebsd box. Once again thank you for your replies.
-Original Message-
From: Usman Ali [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 27, 2003 4:56 AM
To: [EMAIL PROTECTED]
Subject: Re: Help with pix firewall logging [7:61902]
Hello
I think you did
the 'show capture' command to see the results.
Hope this helps,
Scott
--- On Sun 01/26, Elijah Savage III wrote:
From: Elijah Savage III [mailto: [EMAIL PROTECTED]]
To: [EMAIL PROTECTED]
Date: Sun, 26 Jan 2003 18:21:10 GMT
Subject: RE: Help with pix firewall logging [7:61902]
As a last resort I
All,
I have a pix running 6.2 it is logging to a freebsd server on the local
network. It was logging at one time to syslog no problem but all of a
sudden it stopped and I can't get it working. Here is the logging config
I turned up logging to see if it would help and nothing. Yes I am sure
As a last resort I did reboot the pix also but still no logging, what am
I missing?
-Original Message-
From: Elijah Savage III
Sent: Sunday, January 26, 2003 1:11 PM
To: [EMAIL PROTECTED]
Subject: Help with pix firewall logging [7:61902]
All,
I have a pix running 6.2 it is logging
Is syslogd still accepting connections from network devices? Did you
change the firewall on the FreeBSD machine? The problem may not be the
PIX.
Ken
Elijah Savage III 01/26/03 10:11AM
All,
I have a pix running 6.2 it is logging to a freebsd server on the local
network. It was logging
The problem is definitely the pix. Even if syslogd was not running or a
firewall running on the box was blocking it I would still see the
packets arriving to the box when running tcpdump on the server.
But yes other machines are still logging to this box.
-Original Message-
From: Ken
It may be that no alerts at the warnings level have occurred. Try setting
it at a high level such as 6 or 7 (which pretty much logs everything). Once
you have ascertained that logging between the PIX and syslog server are
working, then restore it back to the warnings level.
HTH,
Charles
Elijah
Guys,
I have the following scenario:
I have a pix 520 firewall (750MHz with 512MB of RAM) in the lab. The inside
interface is 10.100.0.254/24 and the outside interface is 172.16.1.253/24.
I have a linux server residing on the inside network with IP 10.100.0.71 running
Apache Server
/doc/product/iaabu/pix/pix_62/cmdref/s.htm#1026694
-Original Message-
From: d tran
To: [EMAIL PROTECTED]
Date: Sat, 25 Jan 2003 21:41:09 GMT
Subject: How to stop SYN Flood with Pix firewall? [7:61875]
Guys,
I have the following scenario:
I have a pix 520 firewall (750MHz with 512MB of RAM
] [connection_limit] [em_limit]]
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/s.htm#1026694
-Original Message-
From: d tran
To: [EMAIL PROTECTED]
Date: Sat, 25 Jan 2003 21:41:09 GMT
Subject: How to stop SYN Flood with Pix firewall? [7:61875]
Guys,
I have
, 2003 3:41 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: How to stop SYN Flood with Pix firewall?
Guys,
I have the following scenario:
I have a pix 520 firewall (750MHz with 512MB of RAM) in the lab. The inside
interface is 10.100.0.254/24 and the outside interface is 172.16.1.253/24.
I
NATed address
172.16.1.71, they have NO problems surfing the Internet or any other network.
In fact, I am writing you this email as my other two linux servers are sending
SYN flood to the web server and the CPU on the Pix firewall is at 99%.
You wouldn't have to fight the udp 1434 problem had you
per second,
I can easily imagine that it will crawl.
BTW -- very interesting experiment.
Przemek
(fighting with udp 1434 now)
On Sat, 2003-01-25 at 16:40, d tran wrote:
Guys,
I have the following scenario:
I have a pix 520 firewall (750MHz with 512MB of RAM) in the lab. The inside
On Sat, 2003-01-25 at 21:18, d tran wrote:
I am not sure how many Packets/Sec hping2 generate but I don't think 100BaseT
was saturated because the whole thing is connected to a Cisco 2924-XL Enterprise
switch (running 12.05(T)) IOS.
I mentioned this saturation stuff not to suggest that it
I've gone through an issue like this before and remember some issue about
Exchange using constantly changing ports. But this link might be able to
help you.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;155831
Message Posted at:
Exchange will use 135 to discover (portmapper) and then use dynamically
assigned ports for the actual conversations. Your best bet is to statically
map the ports in Exchange and then you don't have a moving target from the
firewall point of view.
http://support.microsoft.com/default.aspx?scid=kb
Has anyone used the access-list compiled on the pix firewall? Cisco says that
it optimizes the access-list and make things run smoother if your access-list is
at least 20 lines long. Has anyone actually measured this on a production
environment?
Advise please
, January 24, 2003 3:46 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: access-list compiled on Pix firewall
Has anyone used the access-list compiled on the pix firewall? Cisco says that
it optimizes the access-list and make things run smoother if your access-list is
at least 20 lines long
, January 24, 2003 3:04 PM
To: [EMAIL PROTECTED]
Subject: RE: access-list compiled on Pix firewall [7:61803]
I've used the turbo acl function and it seems like a nice feature but didn't
notice any real difference performance wise. Had 29 lines of filters.
Thanks,
Ian
www.ccie4u.com
Rack Rentals
]]
Sent: Friday, January 24, 2003 10:18 AM
To: [EMAIL PROTECTED]
Subject: RE: Microsoft Exchange/UMS and Firewall [7:61747]
Exchange will use 135 to discover (portmapper) and then use dynamically
assigned ports for the actual conversations. Your best bet is to statically
map the ports in Exchange
Hi All,
Need your advice on the following situation: I have a Active Voice Unified
Messaging System on Location A, and a Microsoft Exchange Server at Location
B. Both Location A and B are protected by Checkpoint firewall. Please
advise how the firewall be configured such that it will allow MAPI
What is the difference between a Local Director and a Pix Firewall? Assume
they have at least 3 NICs each.
Also, I have recently purchased a Cisco Pix Firewall/Local Director on ebay.
I cannot seem to find the model #, all I know is it's running
Version 4.14. Most likely it has 2MB flash. I
on this.
regds
Hitesh
-Original Message-
From: Vicuna, Mark [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 7:45 AM
To: Hitesh Pathak R
Subject: RE: Catalyst 6xxx switches and 2 firewall in clust [7:60235]
Importance: High
Hi Hitesh,
I am curious to find out your solution