11-29-2001 07:41 AM - edited 02-20-2020 09:55 PM
I have upgraded to CSPM 2.3.2f (actually a fresh install), rebuilt my topology, setup my static mapping, NAT, globals, etc. I then recreated my policies for access to the mail and dns servers - exactly the same as they were in CSPM 2.2. Unfortunately the new version of the CSPM for the PIX (f train) is not picking those up and creating the appropriate ACLs/conduits to access those services. Is there something I'm forgetting? Thanks.
 
					
				
		
11-29-2001 06:36 PM
rsmith,
The PIX has DNS Guard which is always on and can't be turned off. That may have obviated your DNS rule.
PIX has MailGuard which I think is on by default and may obviated your mail server rule. Check the "fixup smtp ..." command in the configurations.
Liberty for All,
Brian
11-30-2001 05:52 AM
Brian:
I checked the command configurations that the CSPM will send to the PIX...there are no fixup statements in the config for DNS or SMTP.
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide