Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2532
Views
10
Helpful
5
Replies

What is the PDM location?

rolandshum
Level 1
Level 1

‎04-25-2005 11:08 AM

I have several lines with various IP addresses in my Pix config that start with PDM location. Some of the addresses are inside some are from the outside. Can I delete these? Where do they come from? I'm guessing that they are created when someone starts PDM from a machine.

Labels:
0 Helpful
5 Replies 5

lgijssel
Level 9
Level 9

‎04-26-2005 03:35 AM

PDM locations are the adresses that are allowed to access the PDM. My guess is that they were deliberately entered in the config by someone. Normally you do not want any of them on the outside. You may safely delete those.

Regards,

Leo

0 Helpful

morriss
Level 1
Level 1
In response to lgijssel

‎04-26-2005 03:56 AM

If you use the PDM to manage the Pix, it creates those entries. But does not mean those addresses can manage the Pix. That is determined by the http command lines.

I manage our Pixes with the PDM, makes it easier on my backup person. I have all my networks entered, and along with those are PDM commands. But when I look at PDM access within PDM, it only shows those that I want to have access. I have tested this also, trying to access the Pix using PDM with one of those addressses, and I was unable to manage the Pix.

jmia
Level 7
Level 7

‎04-26-2005 04:57 AM

A PDM location is a pure book keeping command used by PDM to build its topology database.

It has nothing to do with the PIX's functionalities. In particular,

It does NOT control which host can access PDM which is a common misunderstanding.

The control is done by the command "http ".

Why do we need it?

In PDM's world, policy (those rules) is built on top of topology.

Ideally user creates the topology first via the Host/Network tab, then

configures policy else where (like Access Rule tab).

A network object exists by itself, even if there is no policy configured directly on it at a particular time. We use "pdm location" command to remember the location of a network object.

Hope this helps,

Jay

lgijssel
Level 9
Level 9
In response to jmia

‎04-27-2005 11:11 AM

Ouch! What a glitch! I was really convinced that it meant something else, should have looked it up of course. Thanks for putting me right, rewarded 5 pts to both of you. I have learnt something again. Appearently one's never too old for that.

Regards,

Leo

0 Helpful

cmccready
Level 1
Level 1
In response to lgijssel

‎04-27-2005 12:17 PM

I learned something too. Now, if I manually edit something from the command line, will any affected 'pdm location' entries update the next time I use the gui?

0 Helpful
Customers Also Viewed These Support Documents