Firewall Wizards mailing list archives

Re: PIX 515 7.1 vs: 8.0


From: Kevin Horvath <kevin.horvath () gmail com>
Date: Tue, 15 Mar 2011 16:07:49 -0400

1) enable local buffer logging, manually add a host with IP on the
inside, then try to access something on the internet, and view your
logs for errors, view your connection table "show conn det", and your
xlate table to see where the issue is.

2) add a default route to the outside interface, everything else
appears directly connected so you don't need routes for those (you can
verify your route table with "sh route").

3) as someone mentioned, looks like you have dhcpd enabled for the dmz
and vonage interfaces and not the inside.  Add an entry for the inside
as well.

On Sat, Mar 12, 2011 at 12:54 AM, Christopher J. Wargaski
<wargo1 () gmail com> wrote:
Hey Brian--
  Configuration-wise you should have no problems with 8.0 if you know 7.1.
   You appear to have NAT configured correctly. Your ACLs look good too. What
I do not see are any route statements--do you have a default route set?
   Also, you should increase the message-length maximum to 4096 given the
rollout of DNSSEC.

cjw



_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
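
The three configuration gaps raised in this thread (no default route, dhcpd not enabled on the inside, DNS message-length maximum below 4096) can be checked offline against a saved running-config. This is an added example, not code from the thread or from Cisco; the function name audit, the sample config and its addresses are constructed, and 8.0-style syntax is assumed.

```python
import re

# Constructed sample running-config (not the poster's); documentation addresses.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 ip address 203.0.113.2 255.255.255.0
interface Ethernet1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
interface Ethernet2
 nameif dmz
 ip address 192.168.2.1 255.255.255.0
dhcpd address 192.168.2.10-192.168.2.50 dmz
dhcpd enable dmz
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
"""

def audit(config, lan_ifaces=("inside",), dns_min=4096):
    """Return a list of findings for the three items raised in the thread."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]

    # Default route: "route <if> 0.0.0.0 0.0.0.0 <gw>" (or the "0 0" shorthand).
    default_rt = re.compile(r"route\s+\S+\s+(0\.0\.0\.0|0)\s+(0\.0\.0\.0|0)\s+\S+")
    if not any(default_rt.match(l) for l in lines):
        findings.append("no default route")

    # Interfaces that exist versus interfaces with the DHCP server enabled.
    nameifs = {m.group(1) for l in lines if (m := re.match(r"nameif\s+(\S+)", l))}
    dhcp_on = {m.group(1) for l in lines if (m := re.match(r"dhcpd enable\s+(\S+)", l))}
    for iface in lan_ifaces:
        if iface in nameifs and iface not in dhcp_on:
            findings.append(f"dhcpd not enabled on {iface}")

    # DNS inspection limit: larger DNSSEC responses exceed a 512-byte cap.
    for l in lines:
        m = re.match(r"message-length maximum\s+(\d+)", l)
        if m and int(m.group(1)) < dns_min:
            findings.append(f"DNS message-length maximum {m.group(1)} < {dns_min}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```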

