Engage with peers and experts on network security topics such as Secure Firewall Threat Defense, Adaptive Security Appliance, Secure Firewall Management Center, and Security Cloud Control.
We have a PIX 515 at a remote office. It is connected to a cable modem. We had a VPN up and running with no problems. The cable company did an upgrade and now the PIX will not get a DHCP address from the cable modem.I have talked to them multiple ...
I've never used this command before, so I'm not sure if this is an appropriate use...but, I have a 515-e running 7.12 with internal clients trying to hit their old ip scheme of 10.25.x.x (havent' found the source of why/what on the machines are still...
Consider a scenario with redundant pix pair pixA and pixB (say 6.3x code) and internal switches sw1 and sw2. Fa0 of pixA is connected to port 3/1 or sw1 and fa0 of pixB is connected to port 3/1 of sw2. Assuming pixA is the primary and sw1 fails..is ...
Hello experts. I wonder if there is a solution to this problem. I have a single host in a dmz 192.168.9.6/29 with a 515 pix at 192.168.9.1/29, and 172.30.7.250/24 on internal interface. There is also an external I/F but it is irrelevant to the proble...
hi, I run CNR 6.2.2 and cmts with subinterface. When one cable modem wants to regester and the following information will appear in CNR log.i have disable dhcp server attribute"vpn-communication" and ignore-optionslike option 82, 220 but the situa...
Hello All,We have deployed VPN's via ethernet and we integrate that via dot1q VLAN's on a subinterface on a GigEthernet. We then make those a member of a specific vrf forwarding VPN for example.interface GigabitEthernet0/1.101 description VPN-CUST1 ...
Can someone please explain briefly when should I use the HTTP/FTP AIC signature engine over any other type?I ask this question because for instance the FTP commands can be looked for in either String TCP engine, Atomic TCP or FTP AIC engine, but whic...
I want to do the following:Only if the target of the attack is MailSrvand the RR > 85--->block attackerIf target is any other host -->don't block===========My problem is that I cannot specify the dst IP in the event action override.So my only choice ...
I am trying to build a custom signature for detecting non-SSL traffic on a specific SSL port (let's say tcp/443). This has to do with CONNECT tunnels through an HTTP proxy. Conceptually, it's not a complicated idea. Whether or not it can technically ...
Is it possible to correct incoming and outgoing packet's MTU size for example to 1200 ? on ONE virtual interface ... for example named as "testing" ...is it possible to correct MTU size of packets going to/from selected host ?
Greetings all,I need some help with the following scenario. Site A is 192.168.100.x network with all computer default gateway pointed to the inside of the PIX 515E (192.168.100.1). Site B is 192.168.101.x network with all computer points to the insid...
HiI need to allow nfs (IP x.x.x.x) to be mounted from my internal network to a server in the dmz (y.y.y.y). Could someone please help me with this.I've attached my config for reference.Thanks in advance for any helpDan
