Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Greetings,We are experiencing multiple port security violations from the same mac-addresses. These addresses are not the mac-addresses of the hosts plugged into the switch port, and do not show up in the cam table or in our network management tool. ...
Greetings,We are running several ASA 5540 pairs in Active/Active transparent mode (software version 8.2(1).) We are trying to find an explanation for some curious syslog traffic generated by these pairs.No nat-control is enabled. Security levels ar...
Greetings,The security levels are related to the fact that in earlier versions of PIX/FWSM (6.x/2.x and earlier), you were required to translate addresses between interfaces, even if there was no NAT/PAT taking place. With nat-control disabled (defa...
Rob,This is a good technical solution, but I think you're right in assuming you should separate your public-facing front-end from your back end SQL servers. If your web servers placed behind the PIX on the inside interface are compromised, then they...
KS,Thank you for looking into this. My first response after reviewing the command in question is that there is no asymmetric routing going on, as the firewall is in transparent mode and sits in front of a stub network and has only a default route ou...
Greetings,From a technical perspective, there should be nothing preventing you from sending iSCSI traffic over the PIX. iSCSI uses TCP 860 and 3260 by default.However, best practices dictate that you should do everything you can to separate your iSC...
Greetings,The ASA device does not cache L7 data unless you are using it in conjunction with Websense, Smartfilter, or some other caching engine. Is this the case? Otherwise, try browsing to the web page in question and hit Ctrl+F5 and see if the new...
