Firewall Wizards mailing list archives
Re: DMZ traffic out to internet with PIX 515
From: "Chris Wargaski" <cwargaski () rmstsi com>
Date: Sat, 6 Jan 2007 14:20:43 -0600
You'll need to allow DNS queries outbound from the DMZ, too.

cjw

Christopher J. Wargaski
RMS Technology Solutions, Inc.
cwargaski () rmstsi com
(847) 215-1661 x223

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com on behalf of Victor Williams
Sent: Fri 1/5/2007 6:27 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] DMZ traffic out to internet with PIX 515

You've got no access list entries allowing hosts in the DMZ1 segment access out to the internet.

Also, checking the log buffer on the PIX will usually give you the culprit of what's causing your access issue if you have it set up to do so...set the log to warning or higher and it will show you what the culprit is.

What I believe you need is (at least for traffic to http and https websites):

access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 443
nat (DMZ1) 1 10.0.0.0 255.255.255.0
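An added example, not part of the original thread: a minimal Python evaluator for the access-list subset quoted in the message, showing that the two posted entries pass web traffic while a DNS query falls through to the implicit deny, which is the gap the reply points out. The DNS entries, the host 10.0.0.25 and the 192.0.2.x destinations are constructed for illustration.

```python
import ipaddress

# ACL lines from the post above; PIX takes netmasks (not wildcard masks) here.
POSTED_ACL = """\
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 443
"""
# Constructed for this example (not from the thread): DNS over UDP and TCP.
DNS_ACL = """\
access-list dmz_out permit udp 10.0.0.0 255.255.255.0 any eq 53
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 53
"""

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'NET MASK' and return an ip_network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_acl(text):
    """Parse only the syntax used on this page: permit/deny, protocol, 'eq <number>'."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        action, proto = tokens[2], tokens[3]
        rest = tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """First matching entry wins; a flow matching no entry hits the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in (proto, "ip") and src in r_src and dst in r_dst \
                and r_port in (None, dst_port):
            return action
    return "deny (implicit)"

if __name__ == "__main__":
    for acl in (POSTED_ACL, POSTED_ACL + DNS_ACL):
        print(evaluate(parse_acl(acl), "udp", "10.0.0.25", "192.0.2.53", 53))
```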