Firewall Wizards mailing list archives
Re: Fw: cisco pix does not log traffic targetted to itself?
From: Kevin Steves <stevesk () pobox com>
Date: Fri, 10 Jan 2003 15:13:14 -0800
On Mon, Jan 06, 2003 at 09:40:50PM +0100, Jose y Romy wrote:
Well, Pix uses the security levels at the interfaces, and by default does not permit (except ACL or static/conduit command) the traffic from a less secure to a more secure interface (by default 0 (lower level) is assigned to the outside interface and 100 (higher level) to the inside interface). In the normal ACLs there is an implied "deny all" at the end.
i have never liked the ASA/security level approach that PIX uses--i would rather not have implied policies. i'm told you can assign multiple interfaces the same security level, which will block the implied policies for those interfaces, but i have not tried it and i think it may not be supported (the documentation i've read doesn't mention that case at all).