Firewall Wizards mailing list archives

Re: Fw: cisco pix does not log traffic targetted to itself?


From: Kevin Steves <stevesk () pobox com>
Date: Mon, 13 Jan 2003 17:22:01 -0800

On Sun, Jan 12, 2003 at 10:42:51AM -0500, Mark.Boltz () stonesoft com wrote:
> > i have never liked the ASA/security level approach that PIX uses--i
> > would rather not have implied policies.  i'm told you can assign
>
> Kevin, I'm not sure I understand. Do you mean you don't want implied
> policies in a general sense? In this particular case, we're talking a final
> "deny all" rule, which is because the generally accepted stance of security
> products should be to deny that which is not expressly permitted. Curious
> as to which you meant...

yes, there is an implied default deny for access lists.  but in the
absence of an interface access-group, the default is permit for high
to low origin security level traffic.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
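
An added example, not part of the original message or of any Cisco tooling: a small Python audit that reads a PIX 6.x-style configuration and lists the interface pairs that rely on the implied high-to-low permit described in the reply above, because the source interface has no `access-group` bound. The sample configuration and the function names are constructed, and the script assumes the `nameif <hw> <name> security<N>` and `access-group <acl> in interface <name>` line forms.

```python
import re

# Constructed sample in PIX 6.x-style syntax (assumed line forms, not from the thread).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list dmz_in permit tcp any host 192.0.2.10 eq 25
access-list dmz_in deny ip any any
access-group dmz_in in interface dmz
"""

NAMEIF_RE = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+security(\d+)\s*$")
ACCESS_GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")


def parse_config(text):
    """Return ({ifname: security_level}, {ifname: bound_acl_name})."""
    levels, bound = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = NAMEIF_RE.match(line)
        if m:
            levels[m.group(2)] = int(m.group(3))
            continue
        m = ACCESS_GROUP_RE.match(line)
        if m:
            bound[m.group(2)] = m.group(1)
    return levels, bound


def implied_permit_paths(text):
    """List (src_if, dst_if) pairs that rely on the implied high-to-low
    permit because src_if has no access-group. NAT/global rules are ignored."""
    levels, bound = parse_config(text)
    paths = []
    for src, src_level in levels.items():
        if src in bound:
            continue  # an explicit ACL applies here, ending in its implied deny
        for dst, dst_level in levels.items():
            if dst_level < src_level:
                paths.append((src, dst))
    return sorted(paths)


if __name__ == "__main__":
    for src, dst in implied_permit_paths(SAMPLE_CONFIG):
        print(f"{src} -> {dst}: no access-group on {src}, implied permit applies")
```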

