Hi,In PIX access list, what is the difference between the two? If I what to permit normal ftp access to my internal server, do I need to open both? or just ftp? What is ftp-data for then?Thanks.
all the ports are open on one of my internet gateway router. this is a big security vulnerability. y all these ports r open? may be DDOS attack or...plz help me.
Looking at creating a custom sig to count the SMTP traffic on port 25, both incoming and outgoing.Need some hard numbers for the bean counters.Have an IDS 4210 and I tried capturing our domain name using a bunch of methods. I got numbers, but they w...
It seems to me these features serve similar functions. Does CBAC essentially supercede reflexive access-lists due to the ability to recongnise application traffic such as FTP which RACL's cannot? Can the two coexist to allow RACLs to match applicatio...
I am doing the unthinkable, opening up the ports from my DMZ to inside interface to allow active directory communication. I just wanted to check the syntax of what I am doing before I do it. According to PIX docs if I do this:'access-list dmz_inside ...
I have a 3005 Concentrator on which I'm running WebVPN services. I have a 827 DSL router in front of it, and everything works fine for remote users. I need to have a server sitting on the LAN behind it browse through it for Internet access. I set the...
Hello,We have a Cisco PIX 515 and we are deploying a Mail server on its DMZ. Our inside users can access the internet freely from the inside, they also can access and ping the server in the DMZ. Outside users can access the server on the DMZ. The Pro...
Hi,Does the IDSM2 support monitoring of EtherChannel?ie. if I have a server in my data server that I've bundled a couple of ports into an EtherChannel, can I monitor that EtherChannel?Alternatively, I suppose I can look at the traffic via by spanning...
I haven't figured out yet how to create a default route in the FWSM. I type the below with no luck;ip route 0.0.0.0 0.0.0.0 24.25.10.1 24.25.10.1 is my ISP
Hello all, i have a webserver on a dmz that is accessible from anyone on the internet. I want customers to be able to sign in through https and see account information that is stored on another server on another more secure dmz. i have already succes...
Hi, I am having problems trying to telnet to the fe interface of my edge router from my management host(internal). I tryed adding an access list and allowing access to the fe interface of the router. Do I need to do something to the firewall.(I thoug...
We are looking for the description / conversation of bug fix CSCsa04030, which Cisco said will be released in the summer to fix the signature deployment/update issue between a NAT VMS MC and IDS 4x.Appreciate if you can pin point us to where can we f...
