Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
573
Views
0
Helpful
1
Replies

What commands still needed in PIX 7.x?

gtfree
Level 1
Level 1

‎07-12-2007 08:05 AM - edited ‎03-11-2019 03:43 AM

Hi there,

I've read the PIX 6.x to 7.x upgrade guides but we have corporate security standards that say the following commands must be configured with our existing PIX 6.x:

- ip verify reverse-path <interface>

- fragment chain 45

- sysopt security fragguard

- floodguard enable

- ip audit info [action alarm]

- ip audit attack [action drop]

- no sysopt route dnat

Which of these command are still necessary with PIX 7.0 and which have been deprecated or enabled by default? Is this documented somewhere?

Are there any new commands that should be considered for hardening of Cisco PIX firewalls?

Thanks for your help.

Gary Freeman

Labels:
0 Helpful
1 Reply 1

JORGE RODRIGUEZ
Level 10
Level 10

‎07-15-2007 07:42 AM

Gary, here are the answers to your questions.Check this link for changes and deprecated commands when upgrading from 6.x to 7.x .. good luck.

http://www.cisco.com/en/US/docs/security/asa/asa70/pix_upgrade/upgrade/guide/pixupgrd.html

HTH

Jorge

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card