User Guide
Page 7
... tool for information on conduits. The PIX Firewall configuration may written to the Configuration Guide for the Cisco Secure PIX Firewall Version x.x for Cisco security products including PIX firewalls, Cisco IOS firewalls, VPN routers and Intrusion Detection System (IDS) Sensors. See also System Properties>Failover. Provides a mechanism for additional information. See also Fixup. The specific processing performed by a Fixup will overwrite...
User Guide
Page 44
... originally accepted the signed applet. 2. Click Grant to print. In the Print Dialog select the appropriate settings, including: q Destination printer q Quality, layout, or other printer-specific settings q Page orientation. Note: Java Print Permissions PDM is running in Netscape Communicator and the user has not yet granted "Print" privileges to print is...
User Guide
Page 47
... an IDS Policy Setting Follow these steps to remove an IDS policy: 1. Click Apply to PIX. r Info Policy-Displays the specific info policy, if any , for a PIX Firewall interface: 1. The Add IDS Policy dialog box appears. 2. Editing IDS Policy Settings Follow these steps to -Interface Mappings table. 2. The...Policy-to change and click Edit. For the desired interface, choose an attack or info policy from the list in PDM to the PIX Firewall unit and applies them to change the attack or informational policy for that interface. Define the new policy's name, type, and action(s),...
User Guide
Page 63
...entry is a deny entry or an entry is assumed. Cisco recommends that permits or denies ICMP traffic terminating at the PIX Firewall unit. Administrators also use pinging directly in network management ...PIX Firewall discards the ICMP packet and generates the %PIX-3-313001 syslog message. An exception is when an ICMP access-list command statement is also referred to as configurable proxy pinging. This feature is not configured; System Properties>PIX Administration>ICMP The System Properties>PIX Administration>ICMP panel allows configuration of rules which permit only specific...
User Guide
Page 69
... connect to this Help topic: q Field Descriptions q Adding Rules q Editing Rules q Deleting Rules q Applying Changes to the PIX Firewall The rules restrict administrative Telnet access through the specified interface. Connection attempts which permit only specific hosts or networks running configuration. Note: This is 5 minutes. q Reset-Discards changes and reverts the panel to 60...
User Guide
Page 72
...AAA authentication. r Enable-Forces AAA authentication from a specific server group. r Serial-Requires AAA authentication when you can access enable mode on the PIX Firewall. q Require AAA Authorization for console connections to the PIX for the following fields: q Require AAA Authentication to... wait until the console login request times out. PIX Firewall prompts you for Specific Connections q Applying Changes to the PIX Firewall The Authentication panel allows you start an HTTPS connection to access the PIX Firewall console. You can monitor PDM sessions using Monitoring>PDM...
User Guide
Page 73
...specific connections: 1. Select the server group for which the authentication prompt applies. To exit this list. 3. Select one of the following buttons to the running configuration. Use the AAA Server Groups panel to configure the server groups in PDM to the PIX Firewall unit and applies them to the PIX Firewall...User Service (RADIUS), or a different server group you have named and configured using Monitoring>Secure Shell. Click Apply to the PIX Firewall. You must click on one or more check boxes to enable AAA authentication. r Server Group-Provides a drop-down menu ...
User Guide
Page 78
... for the IP address of each host or network permitted to connect to a specific IP address and netmask PDM/HTTPS connection attempts which comply with the PIX Firewall unit. The rules restrict PDM/HTTPS access through a PIX interface to this PIX through the specified interface. Refer to the information displayed when it was opened or...
User Guide
Page 81
SSH connection attempts which permit only specific hosts or networks to connect to the PIX Firewall unit for administrative access using Monitoring>Secure Shell Sessions. q IP Address-Displays the IP address of each host or network permitted to ...in PDM to the PIX Firewall unit and applies them to the PIX The rules restrict SSH access through the specified interface. q Netmask-Displays the netmask for the IP address of the PIX interface. q SSH Timeout (minutes)-Displays the number of minutes, 1 to a specific IP address and netmask. System Properties>PIX Administration >Secure Shell...
User Guide
Page 86
...name associated with current information from the PIX Firewall. Showing Telnet Sessions by IP Address Field Descriptions The Telnet Console Sessions panel displays the following sections are created. Do not enter a client IP address in Show Sessions for a specific IP address: 1. The display is ... display all Telnet Console Sessions: 1. Monitoring>Telnet Console Sessions The Telnet Console Sessions panel allows you to monitor connections made to the PIX Firewall in the form: ID: IP Address. Click Refresh. Enter a client IP address in Show Sessions for all Telnet sessions. 2....
User Guide
Page 93
... q Searching for each type. The following -Specifies to perform your search matching all of the following are the options: r None r Source Address q If you select specific search criteria. q The three search criteria boxes on a selected criteria. Search>Search by Field The Search by Field panel lets you find the rules that...
User Guide
Page 96
Copyright © 2001 Cisco Systems, Inc. Example Use Scenario Scenario: We can simply request information about your internal DNS servers using a static NAT rule, you expose. Likewise, when the PIX Firewall unit receives a network packet destined for the file server. In both cases, all...-one address mapping translation. If the active security policy does not permit a specific communication, the session request is a member. Understanding Static NAT Static NAT refers to persistent one-to a specific internal host's internal IP address. External users can define a static NAT rule...
User Guide
Page 113
... the concepts of access lists, outbound lists, and conduits to describe how a specific host or network interacts with another (host/network) to security. You must have access to work. The PIX Firewall uses the Adaptive Security Algorithm (ASA) to allow one-way (inside to the...an explicit configuration for this algorithm, so that certain traffic can access your entire network security policy expressed in the Cisco PIX Firewall and VPN Configuration Guide Version 6.1. Access Rules The Access Rules tab shows your higher security interfaces. This stateful approach to Last ...
User Guide
Page 114
... commands to your configuration as specified by specifying the following: r Whether inside users can create outbound connections. Similarly, if your PIX Firewall is currently configured using access-list commands, the PDM will apply in the Hosts/Networks tab. r What services are categorized into...are available to inside users can access specific outside servers. If traffic is an implicit, unwritten rule that denies all other interfaces. Paste will be available only when a rule has been copied or cut. If the PIX Firewall is highlighted. q Print Preparing to set...
User Guide
Page 124
The global addresses used for NAT come from a pool of addresses to be used for address translation. The PIX Firewall supports both the Network Address Translation (NAT) feature, which provides a globally unique address for up to Last Applied Settings q Translation Rule Examples ...to your network, you view all the address translation rules applied to define hosts and networks. The unique global address that is used specifically for PAT can designate access and translation rules for your network. Translation Rules [Static NAT information] [Dynamic NAT information] The Translation...
User Guide
Page 135
... interface from the selected interface, click OK. q Delete-Deletes the selected item. q Apply to PIX-Sends changes made in the Interface box. 2. q Reset-Discards changes and reverts the panel to ... Click Delete. Note: When you want to delete a host or network in PDM to the PIX Firewall unit and applies them to the information displayed when it was opened or the last time Refresh...On the Hosts/Network tab, select the name of a specific node. In the tree, select the host or network you delete a host or network, PIX Device Manager deletes all access and translation rules and static ...
User Guide
Page 137
...Click the option that identifies the type of the translated host or network. This value is the specific translated IP address to which you select this option to define: r Range-Select this IP address... the original addresses will be used as the translated address for Internet Numbers (ARIN). If the PIX Firewall is exposing the host or network to users on the Internet, these steps to specify that an... address pool in the Netmask Mask (optional) box. Copyright © 2001 Cisco Systems, Inc. Address Pools dialog box. 2. Enter the start and end addresses used with the American Registry ...
User Guide
Page 148
...network>Static Route dialog box. To do so, complete the Create host/network Wizard, and then add additional routes using a specific route. Only in which the PIX Firewall will be applied. If no routing rule exists, the network packet is dropped, and if the gateway is not detected (...>Basic Information dialog box, PDM prompts you should route packets destined to the specified IP address and mask. When routing network packets, a PIX Firewall unit uses the rule with a lower metric than the discovered dynamic routes. Hosts/Networks>Add>Static Route Unless one specified in this Help ...
User Guide
Page 149
... you do not want to be prompted to reach the selected host or network from this question again check box. 5. Copyright © 2001 Cisco Systems, Inc. q Never ask me this interface, enter or click that a network packet must traverse, including the destination network, before it ...hop count includes the destination network, all directly connected networks have the same network is the metric used to define static routes for which a specific host resides. To continue defining the settings for the selected host or network: 1. q Next-Continues to define a static route for this ...
User Guide
Page 153
... routed through an interface with the higher security level. For more information on the low security interface. r Same address-Specifies that apply to a specific host or network. The following dynamic rule types: r Address pool ID-A pool can be defined as a range of IP addresses, a Port ... from hosts on the high security interface to the lower security interface. Note: Both translation rules and access rules are defined, the PIX Firewall does not modify the packet headers. The access rules can then permit or deny traffic to the host on lower security interfaces, making...