Firewall Wizards mailing list archives

Re: Fw: cisco pix does not log traffic targetted to itself?


From: Kevin Steves <stevesk () pobox com>
Date: Fri, 10 Jan 2003 15:13:14 -0800

On Mon, Jan 06, 2003 at 09:40:50PM +0100, Jose y Romy wrote:
 Well, PIX uses the security levels at the interfaces, and by default does not
 permit (except via an ACL or a static/conduit command) traffic from a less secure
 to a more secure interface (by default 0 (lower level) is assigned to the outside
 interface and 100 (higher level) to the inside interface).
 In the normal ACLs there is an implied "deny all" at the end.

I have never liked the ASA/security level approach that PIX uses -- I
would rather not have implied policies.  I'm told you can assign
multiple interfaces the same security level, which will block the
implied policies for those interfaces, but I have not tried it and I
think it may not be supported (the documentation I've read doesn't
mention that case at all).
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
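A small model of the default policy the thread describes, added here as an illustration; it is not code from the original post or from Cisco. The interface names, addresses and the same-level parameter are constructed, and the same-level case is left as a switch because the thread itself is unsure how PIX treats it.

```python
"""Toy model of the PIX security-level policy discussed above (constructed).

With no ACL bound to the ingress interface, a flow is allowed only from a
higher security level to a lower one. Once an ACL is bound to the ingress
interface, the ACL decides, and it ends in the implied 'deny all'.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Ace:
    action: str              # "permit" or "deny"
    src: str                 # CIDR, e.g. "0.0.0.0/0"
    dst: str                 # CIDR, e.g. "192.0.2.10/32"
    dport: Optional[int] = None   # None matches any destination port


@dataclass
class Interface:
    name: str
    level: int                          # 0 = outside ... 100 = inside
    acl: Optional[List[Ace]] = None     # None: no access-group bound


def acl_decision(acl: List[Ace], src: str, dst: str, dport: int) -> bool:
    """First matching entry wins; no match falls through to the implied deny."""
    for ace in acl:
        if (ip_address(src) in ip_network(ace.src)
                and ip_address(dst) in ip_network(ace.dst)
                and ace.dport in (None, dport)):
            return ace.action == "permit"
    return False  # implied "deny all" at the end of every ACL


def is_permitted(ingress: Interface, egress: Interface, src: str, dst: str,
                 dport: int, same_level_ok: bool = False) -> bool:
    """Decide a flow under the implied security-level policy (constructed model)."""
    if ingress.acl is not None:          # an explicit ACL replaces the implied policy
        return acl_decision(ingress.acl, src, dst, dport)
    if ingress.level > egress.level:     # more secure -> less secure: allowed
        return True
    if ingress.level == egress.level:    # assumption: behaviour is a parameter
        return same_level_ok
    return False                         # less secure -> more secure: denied


# Constructed topology: outside (0), inside (100), two DMZs at the same level.
OUTSIDE = Interface("outside", 0)
INSIDE = Interface("inside", 100)
DMZ1, DMZ2 = Interface("dmz1", 50), Interface("dmz2", 50)
OUTSIDE_WITH_ACL = Interface("outside", 0, acl=[Ace("permit", "0.0.0.0/0", "192.0.2.10/32", 80)])
```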