hi folks, i have a problem deploying our PIX firewall. the following is our network topology:(internet Bbone)--(GSR)--(6009)--(Alteon L4 switch)--(4009)--(PIX535&WEB/Email Servers)[note: Alteon L4 switch is for load balance among servers.]As far as i...
I tried to exclude all events from one host to the internal network . The host address is also an internal ip address.RecordOfExcludedPattern * * 199.129.214.244 IN(ip address changed)But this is not working. I got some 3001 events today. We are runn...
We tried to install a NFuse Citrix on a DMZ web-server. We open ICA UDP and TCP ports (UDP 1604 and TCP 1494). Also the TCP 80 ports for HTTP traffic from DMZ back to inside server.We have been able to make it to work.Does anybody has a suggestion to...
Can anyone tell me why If I have a access list that only allows 80 and 443 to pass thru I can still see all other ports open when I run a penetration software such as Cyber Cop. Is there something that I need to add to keep these ports from Respondi...
I have been told that the new CSPM software could performing shunning without the Director software. The version i and f provide that shunning feature I was told. Can anyone confirm or deny this for release 2.3?
Hi folks,I've seen 2 tier firewalling getting very common these days, i.e customers implementing 2 firewalls, usually PIX for DMZ and Checkpoint as 2nd layer for Internal LAN.What addition benefits does this kind of design really bring? And what are ...
Is it recommended to have the Concentrator behind a firewall, or can it just be placed in parallel (like the documentation suggests).If behind say a PIX, what ports do i need open for this to work.Ta.
Anyone out there have a list of properties that needmodification on the exchange server to allow mail to come in over the internet. I have the pix stuff, but claim no knowledge of the exchange piece. Thanks
As I started working with netranger one of my first problem was, that the sensor is logging the attack signature, but not the answer of the attacked server. We are currently configured the sensor that it will create an iplog for most signatures at l...
Is it possible to implement VPN using Cisco 801?Customer is now using Lan-to-Lan ISDN connection but they want to lower the cost. Are the capabilities of these routers enough or is it better to use 1700 routers?
It appears that CW2000 will not upload a software image from a 3500XL switch to the software library, can anybody advise me how if possible I can get an image uploaded to the library.Thanks
I have a user whose win2k machine hangs when he establishes a tunnel and trys to connect to resources on the network. We are using 3.0.2 client and 3.0 concentrator. We have many users that use this group with win2k, which is a cert group, and they c...
let say i have 2 internal machines serving 2 services:ftp server 129.2.2.1web server 129.2.2.2now i want to use only 1 external ip (lets say 64.5.5.5) to host those 2 services. how do i set a access-list, global map, or static map so that the pix wil...
Hi Jay,I work in support for another content delivery provider that you're probablyunfamiliar with. I come from a hardware background although our solution issoftware based and uses a globally distributed network. I am very familiarwith the way the...
