Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Firewall help

From: "Paul Madore" <dexteroc () hotmail com>
Date: Tue, 09 Jan 2007 08:36:10 -0800
Thanks for your help guys.  I was able to get it working with the 
access-list entries and a nat entry.  This allows IP connections and no DNS 
which chris had said wouldn't work until that was configured also.  I don't 
think I will need that as of right now but I may look into it just to see 
how to get it working.  Thanks for everyone's input!

Paul



  Re: DMZ traffic out to internet with PIX 515 (Chris Wargaski)



Message: 1
Date: Sat, 6 Jan 2007 14:20:43 -0600
From: "Chris Wargaski" <cwargaski () rmstsi com>
Subject: Re: [fw-wiz] DMZ traffic out to internet with PIX 515

You'll need to allow DNs queries outbound from the DMZ, too.

cjw

Christopher J. Wargaski
RMS Technology Solutions, Inc.
cwargaski () rmstsi com
(847) 215-1661 x223



-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com on behalf of Victor 
Williams
Sent: Fri 1/5/2007 6:27 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] DMZ traffic out to internet with PIX 515

You've got no access list entries allowing hosts in the DMZ1 segment
access out to the internet.  Also, checking the log buffer on the PIX
will usually give you the culprit of what's causing your access issue if
you have it set up to do so...set the log to warning or higher and it
will show you what the culprit is.

What I believe you need is (at least for traffic to http and https
websites):

access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 443
nat (DMZ1) 1 10.0.0.0 255.255.255.0


_________________________________________________________________
Fixing up the home? Live Search can help 
http://imagine-windowslive.com/search/kits/default.aspx?kit=improve&locale=en-US&source=hmemailtaglinenov06&FORM=WLMTAG

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: