
Re: [fw-wiz] DMZ traffic out to internet with PIX 515

To: <vbwilliams@neb.rr.com>, "Firewall Wizards Security Mailing List" <firewall-wizards@listserv.icsalabs.com>
Subject: Re: [fw-wiz] DMZ traffic out to internet with PIX 515
From: "Chris Wargaski" <cwargaski@rmstsi.com>
Date: Sat, 6 Jan 2007 14:20:43 -0600
References: <BAY19-F226A6A5296F136F98FB47D9BF0@phx.gbl> <459EED00.2060001@neb.rr.com>
Reply-to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Thread-topic: [fw-wiz] DMZ traffic out to internet with PIX 515

You'll need to allow DNS queries outbound from the DMZ, too.

cjw

Christopher J. Wargaski 
RMS Technology Solutions, Inc.
cwargaski@rmstsi.com
(847) 215-1661 x223
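Putting the two replies together, here is an added example (my own code, not anything posted in the thread and not a Cisco tool) that emulates the PIX's first-match, implicit-deny access-list evaluation over Victor's `dmz_out` entries and shows why DMZ hosts still cannot resolve names until DNS entries like the ones Chris describes are added; the host addresses and the exact DNS lines are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# PIX accepts well-known service names in place of port numbers.
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "domain": 53}

@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "ip" (ip matches any protocol)
    src: ipaddress.IPv4Network  # source network from "ADDR MASK"
    dport: Optional[int]        # destination port from "eq PORT"; None = any port

def parse_pix_acl(config_lines: List[str]) -> List[Rule]:
    """Parse 'access-list NAME permit|deny PROTO SRC MASK any [eq PORT]' lines.
    Only the subset used in the thread is handled (source net, 'any' destination).
    Other config lines (nat, global, ...) are skipped: they are not ACL entries."""
    rules = []
    for line in config_lines:
        parts = line.split()
        if len(parts) < 7 or parts[0] != "access-list":
            continue
        action, proto, src_ip, src_mask, dst = parts[2:7]
        if dst != "any":
            raise ValueError("example handles only 'any' destinations: " + line)
        dport = None
        if len(parts) >= 9 and parts[7] == "eq":
            dport = PORT_NAMES.get(parts[8]) or int(parts[8])
        rules.append(Rule(action, proto, ipaddress.IPv4Network(f"{src_ip}/{src_mask}"), dport))
    return rules

def evaluate(rules: List[Rule], proto: str, src_ip: str, dport: int) -> str:
    """First matching entry wins; no match hits the implicit deny at the end of every ACL."""
    src = ipaddress.IPv4Address(src_ip)
    for r in rules:
        if r.proto in (proto, "ip") and src in r.src and r.dport in (None, dport):
            return r.action
    return "deny"

# Victor's access-list entries plus his nat line (constructed copy; the nat line is skipped).
THREAD_CONFIG = [
    "access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 80",
    "access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 443",
    "nat (DMZ1) 1 10.0.0.0 255.255.255.0",
]
# Assumed wording of Chris's DNS addition: UDP 53, plus TCP 53 for large answers.
DNS_FIX = [
    "access-list dmz_out permit udp 10.0.0.0 255.255.255.0 any eq domain",
    "access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq domain",
]

def check_dmz_flows(config_lines: List[str]) -> dict:
    """Verdicts for the flows a DMZ web host needs: HTTPS out and the DNS lookup before it."""
    rules = parse_pix_acl(config_lines)
    return {
        "https": evaluate(rules, "tcp", "10.0.0.10", 443),
        "dns_udp": evaluate(rules, "udp", "10.0.0.10", 53),
        "other_net_http": evaluate(rules, "tcp", "10.0.1.10", 80),  # host outside the range
    }
```

Running `check_dmz_flows(THREAD_CONFIG)` reports `dns_udp: deny` while `check_dmz_flows(THREAD_CONFIG + DNS_FIX)` reports `permit`, which is the symptom the PIX log buffer at warning level would also show as denied UDP/53 flows.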

-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com on behalf of Victor Williams
Sent: Fri 1/5/2007 6:27 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] DMZ traffic out to internet with PIX 515
You've got no access list entries allowing hosts in the DMZ1 segment 
access out to the internet.  Also, checking the log buffer on the PIX 
will usually give you the culprit of what's causing your access issue if 
you have it set up to do so...set the log to warning or higher and it 
will show you what the culprit is. 

What I believe you need is (at least for traffic to http and https 
websites):

access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 443
nat (DMZ1) 1 10.0.0.0 255.255.255.0

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards