
PIX 515e port question

Status
Not open for further replies.

hrswift

MIS
Sep 24, 2003
48
US
Since by nature the PIX ports are all closed and must be opened if needed, is there any reason these statements are necessary?

object-group service denytcp tcp
port-object range 3127 3198
port-object eq pop2
port-object eq irc
port-object eq 37
port-object eq 81
port-object eq 123
port-object eq 220
port-object eq 1214


There are many more; I just listed a few...
 
Yeah, does seem kind of pointless. As you say, you typically allow what you want through and not what you want to deny.

It may be the original creator of this access policy did it so he could audit how much traffic was getting denied, i.e. I think you're able to inspect the access list and see total matches against the deny statements which is useful to understand what kind of unwanted traffic is hitting your PIX.
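The auditing idea in the reply above, as an added example that is not part of the original thread: a short Python script that reads `show access-list` output and totals the hit counters on explicit deny entries. The ACL name `outside_in`, the permit line and all hit counts are constructed for illustration; only the `denytcp` group name and its ports come from the question.

```python
import re

# Constructed sample of PIX "show access-list" output. The ACL name
# "outside_in", the permit entry and every hit count are assumptions;
# the object-group name and ports are the ones quoted in the thread.
SAMPLE = """\
access-list outside_in; 5 elements
access-list outside_in line 1 deny tcp any any object-group denytcp
access-list outside_in line 1 deny tcp any any range 3127 3198 (hitcnt=412)
access-list outside_in line 1 deny tcp any any eq pop2 (hitcnt=0)
access-list outside_in line 1 deny tcp any any eq irc (hitcnt=37)
access-list outside_in line 1 deny tcp any any eq 1214 (hitcnt=9)
access-list outside_in line 2 permit tcp any host 192.0.2.10 eq smtp (hitcnt=1530)
"""

# One expanded ACL entry that carries a counter, e.g. "... eq irc (hitcnt=37)".
# The header line and the unexpanded object-group line have no counter
# and are skipped.
ENTRY = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+line\s+\d+\s+"
    r"(?P<action>permit|deny)\s+(?P<rule>.+?)\s+\(hitcnt=(?P<hits>\d+)\)\s*$"
)

def parse_entries(text):
    """Return one dict per ACL entry that has a hit counter."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append({"acl": m["acl"], "action": m["action"],
                            "rule": m["rule"], "hits": int(m["hits"])})
    return entries

def deny_report(entries):
    """Summarise explicit deny entries: total hits, busiest first, unused."""
    denies = [e for e in entries if e["action"] == "deny"]
    ranked = sorted((e for e in denies if e["hits"]), key=lambda e: -e["hits"])
    return {"total": sum(e["hits"] for e in denies),
            "ranked": [(e["rule"], e["hits"]) for e in ranked],
            "unused": [e["rule"] for e in denies if e["hits"] == 0]}

if __name__ == "__main__":
    report = deny_report(parse_entries(SAMPLE))
    print("explicit deny hits:", report["total"])
    for rule, hits in report["ranked"]:
        print(f"  {hits:>6}  {rule}")
    print("never matched:", ", ".join(report["unused"]) or "none")
```

Deny entries that never match are candidates for removal, since the traffic would be dropped anyway when no permit entry matches it.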

 