Firewall Wizards mailing list archives

Re: PIX 515 7.1 vs: 8.0


From: Brian Blater <brb.lists () gmail com>
Date: Sat, 19 Mar 2011 22:04:08 -0400

On Sat, Mar 19, 2011 at 3:41 PM, Christopher J. Wargaski
<wargo1 () gmail com> wrote:
Brian--
   One of the things that the unrestricted license for a 515E does is allow
more than 3 network interfaces. When you run the "sh ver" do you indeed see
the UR license listed? Also, when you run "sh int" with the 4FE card
installed, do you see all the interfaces? I do not think that the license
needs to be upgraded or reapplied when upgrading to a new major PIX-OS
release. However, I do not think that I have tried it. Here is a thought,
save your config, wipe NVRAM and load 6.3(5) on to see if all 6 interfaces
work.
   If you are unable to make the 4FE card work, you can always put the 1FE
card in, trunk to a managed switch and use VLAN interfaces.
   Now that DHCP and routing have been addressed, is inbound and outbound
traffic flowing on the inside and outside interfaces?


cjw

Now that I've figured out which port is which on the 4FE-66 (see my
previous post) basically everything is working as expected.

One new question about this is if my inside interface is a security
100 and my dmz is a security 50 and I have no ACL defined on the
inside interface, how come a ping from the inside to a device on
the dmz does not work? The only ACLs on the inside are the implicit
rules any to any less secure and any any deny. Is it that I would need
to have an additional rule on the dmz to allow icmp from the inside to
the dmz?

Thank you for the help. If you can't tell, I know enough to be
dangerous, but certainly not enough to be a guru at this.

Brian
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

