Firewall Wizards mailing list archives
Re: Fw: cisco pix does not log traffic targetted to itself?
From: Kevin Steves <stevesk () pobox com>
Date: Mon, 13 Jan 2003 17:22:01 -0800
On Sun, Jan 12, 2003 at 10:42:51AM -0500, Mark.Boltz () stonesoft com wrote:
i have never liked the ASA/security level approach that PIX uses--i would rather not have implied policies. i'm told you can assignKevin, I'm not sure I understand. Do you mean you don't want implied policies in a general sense? In this particular case, we're talking a final "deny all" rule, which is because the generally accepted stance of security products should be to deny that which is not expressly permitted. Curious as to which you meant...
yes, there is an implied default deny for access lists. but in the absense of an interface access-group, the default is permit for high to low origin security level traffic. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- cisco pix does not log traffic targetted to itself? Toh Kar Lai Catherine (Jan 06)
- <Possible follow-ups>
- RE: cisco pix does not log traffic targetted to itself? Noonan, Wesley (Jan 06)
- RE: cisco pix does not log traffic targetted to itself? Gwendolynn ferch Elydyr (Jan 06)
- Fw: cisco pix does not log traffic targetted to itself? Jose y Romy (Jan 06)
- Re: Fw: cisco pix does not log traffic targetted to itself? Kevin Steves (Jan 11)
- RE: cisco pix does not log traffic targetted to itself? Toh Kar Lai Catherine (Jan 07)
- RE: cisco pix does not log traffic targetted to itself? Jose y Romy (Jan 12)
- Re: Fw: cisco pix does not log traffic targetted to itself? Mark . Boltz (Jan 12)
- Re: Fw: cisco pix does not log traffic targetted to itself? Kevin Steves (Jan 14)