What commands still needed in PIX 7.x?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-12-2007 08:05 AM - edited 03-11-2019 03:43 AM
Hi there,
I've read the PIX 6.x to 7.x upgrade guides but we have corporate security standards that say the following commands must be configured with our existing PIX 6.x:
- ip verify reverse-path <interface>
- fragment chain 45
- sysopt security fragguard
- floodguard enable
- ip audit info [action alarm]
- ip audit attack [action drop]
- no sysopt route dnat
Which of these command are still necessary with PIX 7.0 and which have been deprecated or enabled by default? Is this documented somewhere?
Are there any new commands that should be considered for hardening of Cisco PIX firewalls?
Thanks for your help.
Gary Freeman
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-15-2007 07:42 AM
Gary, here are the answers to your questions.Check this link for changes and deprecated commands when upgrading from 6.x to 7.x .. good luck.
http://www.cisco.com/en/US/docs/security/asa/asa70/pix_upgrade/upgrade/guide/pixupgrd.html
HTH
Jorge
