I zeroed the stats on the DMZ interface and now, 40 minutes and 80 MB later I have 1057 CRC errors. This is unusually high compared to other interfaces. The DMZ interface is connected directly to a web server. The web server has two NICs so I tried t...
Does anyone know of an up-to-date list of ports used by various trojans and file sharing apps? I want to shut all these upstream ports to prevent abuse. Or should I just shut down all ports above 1024? -- Rubio
I recently configured a VPN to our remote offices (PIX 515 and PIX 501's). However, I frequently need to traceroute the remote locations to sort out problems. Previously I had access lists that allowed time-exceeded ICMP packets in. The PIX documenta...
It's always a good practice to separate web servers, or any other service that you provide to the internet, into its own subnet. I'm not sure what the point is in having the PIX in its own DMZ LAN, though. Simply put your web servers in the DMZ i...
Global pool IPs might run out if you only have NAT configured for DMZ. Configure one IP for PAT, something like:
global (dmz) 1 10.10.2.10-10.10.2.20 netmask 255.255.255.0
global (dmz) 1 10.10.2.21 netmask 255.255.255.0
The first line is NAT and the sec...
The dns option on the nat statement means that if the resolved address is found in your xlate, the firewall will translate it to the local address, i.e. if the server is on your own network its local address will be used. Are you sure the DNS server ...
I don't know much about IIS, but all normal traffic to a web server should obviously be to ports 80 and 443. There is no reason to let any NetBIOS traffic pass in or out of your network. This could be just a port scan to see if NetBIOS Name Service is r...