About jtnim

jtnim · 09-24-2002

I zeroed the stats on the DMZ interface and now, 40 minutes and 80 MB later I have 1057 CRC errors. This is unusually high compared to other interfaces. The DMZ interface is connected directly to a web server. The web server has two NICs so I tried t...

jtnim · 09-03-2002

Does anyone know of an up to date list of ports used by various trojans and file sharing apps. I want to shut all these upstream ports to prevent abuse. Or should I just shut down all ports above 1024?-- Rubio

jtnim · 08-26-2002

I recently configured a VPN to our remote offices (PIX 515 and PIX 501's). However, I frequently need to traceroute the remote locations to sort out problems. Previously I had access lists that allowed time-exceeded ICMP packets in. The PIX documenta...

jtnim · 10-01-2002

Have you tried 'clear xlate' after changing the ACL?-- Rubio

jtnim · 10-01-2002

It's always a good practice to separate web servers, or any other service that you provide to the internet, into its own subnet. I'm not sure what the point is in having the PIX in the its own DMZ LAN, though. Simply put your web servers in the DMZ i...

jtnim · 09-24-2002

Global pool IPs might run out if you only have NAT configured for DMZ. Configure one IP for PAT, something like:global (dmz) 1 10.10.2.10-10.10.2.20 netmask 255.255.255.0global (dmz) 1 10.10.2.21 netmask 255.255.255.0The first line is NAT and the sec...

jtnim · 09-01-2002

The dns option on the nat statement means that if the resolved address is found in your xlate, the firewall will translate it to the local address, i.e. if the server is on your own network it's local address will be used.Are you sure the DNS server ...

jtnim · 08-27-2002

I don't know much about IIS, but all normal traffic to a web server should obviously be to ports 80 and 443. There is no reason to let any NetBIOS traffic pass in or out your network. This could be just a port scan to see if NetBIOS Name Service is r...

Member Since	‎03-21-2002 02:56 AM
Date Last Visited	‎08-18-2017 03:51 AM
Posts	10

User Statistics

User Activity

Lots of CRC errors on PIX DMZ interface

Which upstream ports to shut?

Traceroute through an IPSec tunnel

Re: Blocking Outbound Access to Specific Host

Re: DMZ Importance with a PIX firewall?

Re: Internal Website and Pix 515

Re: PIX 520 and 6.2(2) - Weird problems

Re: deny inbound UDP x.x.x.x/137