01-11-2006 09:43 PM - edited 03-09-2019 01:35 PM
I'm having a bad PIX day and am hoping someone can help.
I want to drop all broadcast traffic that hits the PIX, especially UDP 137-138.
How are people handling this?
The msg denying the traffic is from the internal interface to the internal interface.
Mark
01-11-2006 11:44 PM
Mark,
The broadcasts reach the PIX anyway because your PCs, laptops or servers are directly connected to the PIX - and your network needs them. Put your firewall behind a separate routing interface and the broadcasts are off it.
Regards,
Norbert
01-12-2006 02:28 AM
Thanks Norbert. Unfortunately, that option is not available on this particular network. On any other firewall I'd configure a rule to drop the traffic and not log it, but that does not seem to be an option on the PIX.
The PIX seems to have some implied rules to deny the traffic and log it. I just want to be able to control it.
01-12-2006 02:52 AM
You mentioned "I want to drop all broadcast traffic that hits the pix".
PIX by default will not forward any broadcast, and simply drop the packet.
01-12-2006 08:49 AM
True, it is probably more correct to say that I don't want the log entries in the log, which makes me think I can play around with the message number and drop the msg into a different level.