04-25-2005 11:08 AM
I have several lines with various IP addresses in my Pix config that start with PDM location. Some of the addresses are inside, some are from the outside. Can I delete these? Where do they come from? I'm guessing that they are created when someone starts PDM from a machine.
04-26-2005 03:35 AM
PDM locations are the addresses that are allowed to access the PDM. My guess is that they were deliberately entered in the config by someone. Normally you do not want any of them on the outside. You may safely delete those.
Regards,
Leo
04-26-2005 03:56 AM
If you use the PDM to manage the Pix, it creates those entries. But that does not mean those addresses can manage the Pix. That is determined by the http command lines.
I manage our Pixes with the PDM, makes it easier on my backup person. I have all my networks entered, and along with those are PDM commands. But when I look at PDM access within PDM, it only shows those that I want to have access. I have tested this also, trying to access the Pix using PDM with one of those addresses, and I was unable to manage the Pix.
04-26-2005 04:57 AM
A PDM location is a pure bookkeeping command used by PDM to build its topology database.
It has nothing to do with the PIX's functionalities. In particular, it does NOT control which host can access PDM, which is a common misunderstanding.
The control is done by the command "http
Why do we need it?
In PDM's world, policy (those rules) is built on top of topology. Ideally the user creates the topology first via the Host/Network tab, then configures policy elsewhere (like the Access Rule tab).
A network object exists by itself, even if there is no policy configured directly on it at a particular time. We use "pdm location" command to remember the location of a network object.
Hope this helps,
Jay
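The distinction made in the replies above (the http lines decide who can reach PDM, while pdm location lines are only bookkeeping), as an added example that is not part of the original thread: a Python script that separates the two in a saved config and flags management access on untrusted interfaces. The sample config is constructed, and the `<command> <ip> <netmask> <interface>` line layout, the `http server enable` line, and `inside` as the only trusted interface name are assumptions about the config being audited.

```python
import ipaddress
import re

# Constructed sample config (documentation-style addresses, not from the thread).
SAMPLE_CONFIG = """\
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 192.168.1.50 255.255.255.255 inside
pdm location 203.0.113.10 255.255.255.255 outside
pdm history enable
http server enable
http 192.168.1.50 255.255.255.255 inside
"""

# Assumed line layout: "<pdm location|http> <ip> <netmask> <interface>"
ENTRY_RE = re.compile(
    r"^(pdm location|http)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")

def parse(config):
    """Return (http_server_enabled, http_entries, pdm_locations)."""
    enabled, http_entries, pdm_locations = False, [], []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "http server enable":
            enabled = True
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # unrelated command, e.g. "pdm history enable"
        net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
        target = pdm_locations if m.group(1) == "pdm location" else http_entries
        target.append((net, m.group(4)))
    return enabled, http_entries, pdm_locations

def audit(config, trusted_ifs=("inside",)):
    """Split real management access (http) from PDM bookkeeping (pdm location)."""
    enabled, http_entries, pdm_locations = parse(config)
    # Only http lines grant access, and only while the HTTP server is enabled.
    allowed = http_entries if enabled else []
    exposed = [e for e in allowed if e[1] not in trusted_ifs]
    def covered(loc):
        return any(loc[1] == ifc and loc[0].subnet_of(net) for net, ifc in allowed)
    bookkeeping_only = [loc for loc in pdm_locations if not covered(loc)]
    return {"allowed": allowed, "exposed": exposed,
            "bookkeeping_only": bookkeeping_only}

if __name__ == "__main__":
    for key, entries in audit(SAMPLE_CONFIG).items():
        print(key, [f"{net} ({ifc})" for net, ifc in entries])
```

Entries under `bookkeeping_only` are pdm location lines with no matching http line, so removing them changes PDM's topology view but not who can manage the firewall; anything under `exposed` is the part worth reviewing.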
04-27-2005 11:11 AM
Ouch! What a glitch! I was really convinced that it meant something else, should have looked it up of course. Thanks for putting me right, rewarded 5 pts to both of you. I have learnt something again. Apparently one's never too old for that.
Regards,
Leo
04-27-2005 12:17 PM
I learned something too. Now, if I manually edit something from the command line, will any affected 'pdm location' entries update the next time I use the gui?