Arnold,

If traffic is passing through both of these pixes, this rule will apply to
your case. 

I have seen some financial company setups where they have the web tier
accessible through a frontline pix and the backend accessible through a second
pix (although generally they use another vendor's firewall as the 2nd firewall, if
they have two firewalls, but for the sake of argument let's say pix). Data
on the backend is only accessible by the web tier and not the outside world. In that
case, it is not necessary to use norandomseq.

-Keyur Shah-
CCIE# 4799 (Security; R/S)
CISSP,ccsa,css1,scsa,scna,mct,mcse,cni,mcne
Hello Computers
"Say Hello to Your Future!"
http://www.hellocomputers.com
Toll-Free: 1.877.794.3556 


-----Original Message-----
From: Arnold, Jamie [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, December 18, 2002 8:21 AM
To: [EMAIL PROTECTED]
Subject: PIX 525 norandomseq?? [7:59471]


Cisco states that the norandomseq command should not be used when you have a
pix "inline" with another pix.  Does "inline" mean directly connected? I
have a 525 at the edge and a few 500 series Pixs in other places in the
network behind a 6500 and/or a 5500 router(s).  Do I have to worry about
this in my situation on the statics?

Thanks

Jamie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59507&t=59471