02-28-2007 02:56 AM - edited 03-03-2019 03:58 PM
We have a regional network coming into our DMZ on our Pix 515. We have an IP any any rule and have not locked down what ports they need to use (AD, Exchange, File server, internet). Is there a port monitor we can use to list all the ports over some time through our DMZ? Then we can use this to lock it down.
02-28-2007 03:17 AM
Free online scan tool http://www.qualys.com
I don't like to put a link here for port scanner. Post your email address and I will send the link to you.
02-28-2007 03:36 AM
got it thanks
02-28-2007 12:01 PM
Hi
Just as an alternative. You could have a "permit ip any any log" on your pix. This would log all access on that DMZ. As you determine the ports you can modify the access-list to add in the individual port entries. Keep the permit ip any any log at the end until you have accounted for all the ports, i.e. all your other rules are catching the traffic and not your catch-all rule.
Obviously this would generate a fair bit of logging so you'll need disk space and be aware of the additional bandwidth being used.
HTH
Jon
03-01-2007 12:28 AM
For the logging, where would I point it to? I am using ASDM.
03-01-2007 01:02 AM
Hi
You would need a syslog server to point the traffic to. Do you have one of these?
Jon
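As an added example (not code from the thread or from anyone in it), here is a small Python script that does the follow-up work Jon describes: once the syslog server is collecting the %PIX-6-106100 records that the "permit ip any any log" rule generates, it totals the permitted traffic by protocol and destination port and emits the per-port access-list entries, keeping the logging catch-all as the last line. The ACL name dmz_in, the interface names, the addresses and the sample syslog lines are all constructed for the example; the message layout follows the PIX 106100 ACL-log format.

```python
import re
from collections import Counter

# Constructed sample syslog records in the PIX 106100 ACL-logging format (not
# from the thread). The ACL name "dmz_in", interface names and addresses are
# assumptions. The final 302013 line is a non-ACL message that must be ignored.
SAMPLE_SYSLOG = """\
Mar  1 08:01:12 10.1.1.1 %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.10.5.20(1041) -> inside/10.1.2.10(389) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Mar  1 08:01:13 10.1.1.1 %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.10.5.20(1042) -> inside/10.1.2.10(445) hit-cnt 3 300-second interval [0x1a2b3c4e, 0x0]
Mar  1 08:01:14 10.1.1.1 %PIX-6-106100: access-list dmz_in permitted udp dmz/10.10.5.21(53012) -> inside/10.1.2.10(53) hit-cnt 12 300-second interval [0x1a2b3c4f, 0x0]
Mar  1 08:01:15 10.1.1.1 %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.10.5.22(1100) -> inside/10.1.2.11(135) hit-cnt 1 first hit [0x1a2b3c50, 0x0]
Mar  1 08:01:16 10.1.1.1 %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.10.5.22(1101) -> inside/10.1.2.12(25) hit-cnt 2 300-second interval [0x1a2b3c51, 0x0]
Mar  1 08:01:17 10.1.1.1 %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.10.5.23(1200) -> outside/203.0.113.5(80) hit-cnt 40 300-second interval [0x1a2b3c52, 0x0]
Mar  1 08:01:18 10.1.1.1 %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.10.5.20(1043) -> inside/10.1.2.10(389) hit-cnt 5 300-second interval [0x1a2b3c4d, 0x0]
Mar  1 08:01:19 10.1.1.1 %PIX-6-106100: access-list dmz_in denied tcp dmz/10.10.5.99(2000) -> inside/10.1.2.10(23) hit-cnt 1 first hit [0x1a2b3c53, 0x0]
Mar  1 08:01:20 10.1.1.1 %PIX-6-302013: Built outbound TCP connection 77 for outside:203.0.113.5/80 (203.0.113.5/80) to dmz:10.10.5.23/1200 (10.10.5.23/1200)
"""

# One 106100 record: "access-list <acl> permitted|denied|est-allowed <proto>
# <in_if>/<src>(<sport>) -> <out_if>/<dst>(<dport>) hit-cnt <n> ..."
LOG_RE = re.compile(
    r"%PIX-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<sif>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)


def parse_acl_log(text):
    """Return one dict per 106100 record; every other syslog message is skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["sport"] = int(rec["sport"])
            rec["dport"] = int(rec["dport"])
            rec["hits"] = int(rec["hits"])
            records.append(rec)
    return records


def tally_ports(records, acl, collapse_ifaces=("outside",)):
    """Sum hit counts per (proto, out_if, dst, dport) for traffic the catch-all
    permitted. Destinations behind the interfaces in collapse_ifaces (the
    Internet side) are folded to 'any', since per-host rules make no sense there."""
    counts = Counter()
    for r in records:
        if r["acl"] != acl or r["action"] != "permitted":
            continue
        dst = "any" if r["dif"] in collapse_ifaces else r["dst"]
        counts[(r["proto"], r["dif"], dst, r["dport"])] += r["hits"]
    return counts


def generate_acl(counts, acl, source="any"):
    """Emit one permit line per observed port, busiest first, and keep the
    logging catch-all last so it keeps reporting whatever is still unaccounted for."""
    lines = []
    for (proto, _dif, dst, dport), _hits in sorted(
        counts.items(), key=lambda kv: (-kv[1], kv[0])
    ):
        target = "any" if dst == "any" else f"host {dst}"
        lines.append(f"access-list {acl} permit {proto} {source} {target} eq {dport}")
    lines.append(f"access-list {acl} permit ip any any log")
    return lines


if __name__ == "__main__":
    recs = parse_acl_log(SAMPLE_SYSLOG)
    for line in generate_acl(tally_ports(recs, "dmz_in"), "dmz_in"):
        print(line)
```

To use it on real data, pass the contents of the syslog server's log file to parse_acl_log instead of SAMPLE_SYSLOG. The hit counts are only a rough measure of volume (a 106100 record reports either a first hit or the hits in the last interval), so treat the ordering as a hint, and review the generated lines before applying them: a port that appears once in a week of logs still belongs in the list. Leave the catch-all with log in place for a while after the refinement, as Jon suggests, and watch for any 106100 records that still reference it; once it goes quiet, the same catch-all can be turned into the explicit deny.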