02-20-2008 10:58 AM - edited 03-11-2019 05:05 AM
Hello there,
I have an app server sitting on my PIX's DMZ and I need to know how I can monitor (in real time) inbound traffic from the Outside interface (users out there) to the specific host 192.168.2.4 (app server) on the DMZ interface...
Basically I need to know if inbound traffic can actually reach the server AND, if so... I need to check if that traffic is coming back from the server to the PIX and back to the end user out there.
Makes sense?
Glenn
02-20-2008 11:05 AM
Monitoring on the PIX is very limited. You may want to do this on the upstream router using NetFlow. NetFlow can provide you with very accurate information.
The other alternative is that you can monitor on the server itself, if the server is Linux. You can use a freeware tool called iptraf. I use it, excellent tool.
CCIE Security
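As an added illustration of the NetFlow suggestion above (editor's example, not part of the original reply), the IOS configuration below turns on NetFlow on the router interface facing the PIX and exports the records to a collector. Everything here is an assumption for the sake of the example: the interface name FastEthernet0/1, a collector at 10.0.0.30 reachable from the router, and the app server being reachable from the Internet through a static NAT address 203.0.113.50. The one caveat worth knowing is that the router sits on the outside of the PIX, so it only ever sees the server's translated (public) address, never 192.168.2.4.

```cisco
! Added example, not from the original thread. Assumes IOS 12.3(11)T or later,
! interface FastEthernet0/1 facing the PIX outside interface, collector 10.0.0.30,
! and the app server 192.168.2.4 static-NATed to 203.0.113.50 on the PIX.
!
! Export settings (NetFlow v5 is the simplest collector-compatible format).
ip flow-export version 5
ip flow-export destination 10.0.0.30 2055
ip flow-export source Loopback0
!
! Account for traffic in both directions on the PIX-facing interface so the
! request toward the server and the reply from it both show up as flows.
interface FastEthernet0/1
 ip flow ingress
 ip flow egress
!
! Quick check without waiting for the collector: the flow cache lists both
! directions. A flow whose DstIP is 203.0.113.50 shows the request passed;
! a flow whose SrcIP is 203.0.113.50 shows the server's reply came back.
show ip cache flow | include 203.0.113.50
show ip cache verbose flow
```

If the router runs an older IOS without `ip flow ingress`, the equivalent legacy command on the interface is `ip route-cache flow`, which accounts for ingress traffic only, so apply it to both the Internet-facing and PIX-facing interfaces to see both directions.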
02-20-2008 09:10 PM
Hello Glenn, yes, you can certainly monitor this traffic in extensive detail and also verify whether the packet is returning or not.
On the DMZ interface set the
following packet captures:
access-l abc permit ip host
and then another ACL in reverse order for return traffic
access-l abc permit ip host 192.168.2.4 host x.x.x.x
x.x.x.x --> IP address of source on outside
capture cpz access-l abc packet-length 1518 interface DMZ
Generate the traffic and afterwards use the following command to check the packet capture:
show capture cpz
The other way is to set up logging on the PIX firewall, which is a very good way to report the traffic through the PIX on a syslog server.
Does this help?
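The capture and syslog approach from the reply above, worked through end to end as an added example (editor's configuration, not the poster's own). It assumes PIX 7.x syntax (PIX 6.3 uses `logging on` instead of `logging enable` and has no `extended` keyword), an interface named `dmz`, an outside user at 203.0.113.10, the server static-NATed to 203.0.113.50, and an inside syslog/TFTP server at 192.168.1.20; substitute your own values.

```cisco
! Added example, not from the original thread. Assumed values: PIX 7.x,
! interface "dmz", outside user 203.0.113.10, server 192.168.2.4 NATed to
! 203.0.113.50, syslog/TFTP server 192.168.1.20 on the inside.
!
! 1. One ACL with both directions so the same capture shows request and reply.
access-list cap_abc extended permit ip host 203.0.113.10 host 192.168.2.4
access-list cap_abc extended permit ip host 192.168.2.4 host 203.0.113.10
!
! 2. Capture on the DMZ interface; 1518 keeps whole Ethernet frames.
capture cpz access-list cap_abc packet-length 1518 interface dmz
!
! 3. A matching capture on the outside interface. NAT is already applied
!    there, so match the server's translated address, not 192.168.2.4.
access-list cap_out extended permit ip host 203.0.113.10 host 203.0.113.50
access-list cap_out extended permit ip host 203.0.113.50 host 203.0.113.10
capture cpz_out access-list cap_out packet-length 1518 interface outside
!
! 4. Generate the traffic, then inspect. Packets sourced from 203.0.113.10
!    in "cpz" prove the request reached the DMZ; packets sourced from
!    192.168.2.4 prove the server answered. The same packets appearing in
!    "cpz_out" with the translated address prove the reply left the PIX.
show capture cpz
show capture cpz detail
show capture cpz_out
!
! 5. Sanity check that the PIX holds a two-way connection for the server.
show conn address 192.168.2.4
!
! 6. Export for Wireshark, then remove the captures (they consume memory).
copy /pcap capture:cpz tftp://192.168.1.20/cpz.pcap
clear capture cpz
no capture cpz
no capture cpz_out
!
! Syslog alternative: connection build/teardown messages (%PIX-6-302013 and
! %PIX-6-302014 for TCP, 302015/302016 for UDP) are severity 6, so "informational"
! is the minimum trap level that reports each session through the firewall.
logging enable
logging timestamp
logging trap informational
logging host inside 192.168.1.20
```

The two captures together answer both of Glenn's questions: if the request appears in `cpz` but nothing sourced from 192.168.2.4 follows, the server (or its default gateway) is the problem; if the reply appears in `cpz` but not in `cpz_out`, look at the PIX's outbound policy or NAT for the DMZ host.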
02-20-2008 09:29 PM
You've got to excuse my language, but HELL yeah it does!!!!
Thanks a lot my friend!!
Glenn
02-20-2008 09:34 PM
I am glad my post at 12 at night did not go to waste. Cheers