In an enterprise using an in-line IPS deployment with CSM/MARS for mgt/mon of IPS devices, what is the recommendation for a lab to test IPS changes (signatures,filters,code,etc) in production? Looking for an enterprise perspective.
Hi. I've configured a FWSM with a Core6509 and I have this problem: In the Core I configured a Vlan90, The procedure was: Vlan Database --> VLAN90 name DMZ1 --> VLAN90 state active --> exit. Next I done this command: firewall vlan-group 90 90 --> fir...
Just a quick question really...What is the difference between an ACL and a firewall?As far as i can see they both can deny/permit traffic based on source or destination IP/network as well as by protocol and port.Are they essentially the same thing ...
I have two ASA 5520's running 8.0(2) and ASDM 6.0(2). Ever since I upgraded I've had issues with ASDM when using the Real-Time monitor, it pegs my PC processor at 100% and locks up ASDM. I guess it could be my machine, but I never had an issue with...
Hello allI need to configure a Pix to startup a VPN connection on recieving some interesting traffic from a remote PC using Cisco VPN Client.I have'nt a clue where to start ..Can someone advise ?Many thanks
Can I have two seperate connections to an ASA 5520 from two different switches in the same DMZ. Will both these link work in an ACTIVE/ACTIVE mode. Kindly Advise.
Hi!Ifip inspect log drop-pktis enabled I see a lot of the following error messages:%FW-6-DROP_TCP_PKT: Dropping tcp pkt 10.1.1.120:2740 => 10.7.1.6:25 due to Stray Segment -- ip ident 48234 tcpflags 0x5004 seq.no 2494264063 ack 2494264063What does t...
Hello I am currently terminating my ISP's PPPoE connection (static IP) on my Cisco Soho77, and then using an internal IP on my firewalls outside interface and therefore double natting. I dont have a problem with this (makes me feel moer secure) but w...
i have a problem on my FTP from my dmz to my internal network when backing up data. it seems to time out and but i can check the inside server where the data from the dmz was transfered, it seems to have the file. i have already configured a:static (...
PIX 515 running 6.3(3) code, been running for years. All of the sudden, any STATIC NATs I have configured stopped working (including my Email server and Webserver); if you take them off of Static, and put them thru the PAT they get out just fine. An...
I keep seeing the following error messages on FWSM.106007: Deny inbound UDP from rs-dc2/53 to fs-secweb001/1026 due to DNS ResponseBoth servers are are on sperate interfaces. rs-dc2 is a windows 2003 server and fs-secweb001 is a web server that is o...
Hi .. I am currently preparing a solution and would like to know whether is it possible to bridge two physical interfaces on the ASA (I am not talking about transparent firewall) the way you can do it with a router using bridge groups ... Any comme...
Hello everyone,Is there a way to protect against operating system detection using Cisco PIX similar to "mangle" feature of IPTables that allows modification of response packets from the server behind the firewall to imitate some other operating syste...
