Is there or will there soon be a way for a network sensor to drop, reset and or log packets using a switch like the 3500 series? This would be great it seems in stopping internal attacks. I think right now all that can happen is notification of an ...
Windows98 client using 3.5.1 VPN client software connecting to PIX501 (6.2 and PDM v.2) connects securely and can log into NT domain and connect to shares etc. All hunky dory. However....I have ticked the VPN client dialogue box to allow Local LAN Ac...
I'm having trouble updating my new blade which came with version 2.5(1)S2a. I have downloaded all the upgrades for it to an ftp server. Each service pack calls for the previous service pack so the first upgrade to install is the 2.5-2 upgrade. How...
I just started using PFSS, and so far it seems very helpful. My question is related to how the log files are created. It's been running for two days, and I now see a "Tuesday" and "Wednesday" log file. First question: next Tuesday will it overwri...
I was wondering if there is any interest in changing the current behaviour in Tunnel Endpoint Discovery, where the explorer packet uses the source address of the protected host rather than the address of the crypto router that is initiating the explo...
Hi,Who could verify for me if I am correct. I been looking through cco and cannot confirm this.My question is how do I disable user ports on CatOS (5k or 6k) from becoming trunking eligible?If I turn trunking off "set trunk 5/24 off" still sends out ...
A simple question. Shouldn't DES be enabled by default. I thought the standard PIX licensing included 10-user DES capability and you had to upgrade to 3DES. I just inheirited management of a 515 with DES and 3DES disabled. Does thing mean it will...
I am running 5.2(1) on a 520. It appears that the PIX is sometimes putting traffic onto port 69. My IDS thinks this is possibly TFTP traffic and trips an alarm. Is there a way to force the traffic to the correct port (or at least to a non-standard...
Hey guys, How does this command react in following configuration.static (inside, outside) 4.2.2.10 4.2.2.10Config: Pix with two interfaces inside ip add 10.0.0.1/24 outside ip add 4.2.2.1/24 I have a server on the inside that I needs(due to ...
I've been trying to apply the 105 access-list to the serial interface inbound to protect these internal networks from the big, bad Internet but I need to allow for a web server and an email server at the static nat address that's been specified. Whe...
Hello all,I did a simple setup in my LAB. IDS version is 3.1. I placed my sensor in 192.168.1.100 address and one more machine as my IEV host. I installed IEV in that machine which is the event destination. I got my connection established to the sens...
Intend to connect two Frame Relay networks through IP backbone via GRE tunneling. Please let me know the pros and cons. 2) Is it necessary to setup a point-point Frame relay circuit for the above?
On the IDS behind the firewall, I would like to create a filter to exclude all signatures that have a source address from my server's subnet (filter all supposed attacks coming from my servers). My questions is whether the IDS still capture alarms a...
I'm looking for a sample configuration with the IOS firewall/ NAT implemented on a single ethernet port. PC ---Access Point---- ) 2503 w/ ethernet hub Cable Modem---
