Firewall Wizards mailing list archives

RE: PIX Firewall IP Addresses

From: "Nigel McLellan (DSL AK)" <NigelMc () datacom co nz>
Date: Fri, 18 Oct 2002 09:09:52 +1300

In Version 6.2 the PIX allows you to use object grouping.
Earlier versions do not have any similar feature.

-----Original Message-----
From: Mark McCreary [mailto:MMcCreary () tax state va us] 
Sent: Friday, October 18, 2002 3:41 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] PIX Firewall IP Addresses

We are using a CISCO PIX firewall version 5.2(5), with both 
NAT and PAT 
enabled.  My task is to clean-up/reduce the number of conduit 
rules.  I am 
new at this. 

While reviewing the rules in place, I noticed many cases 
where individual 
rules are written for consecutive IP addresses.  My question 
is whether 
the syntax allows for a "range" of addresses to be used in 
one rule.  For 
example,

Rules written to allow access from source addresses - 172.165.50.200, 
172.165.50.201, 172.165.50.202

Can a source address on one rule replace the 3 rules above, such as 
172.165.50.200-202

Thank you for any assistance.

Regards,

Mark McCreary
_______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

PIX Firewall IP Addresses Mark McCreary (Oct 17)
- RE: PIX Firewall IP Addresses Ben Nagy (Oct 17)
- <Possible follow-ups>
- RE: PIX Firewall IP Addresses Nigel McLellan (DSL AK) (Oct 17)
- RE: PIX Firewall IP Addresses Scot Hartman (Oct 18)