[nsp] pix & ospf

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Tue Mar 2 09:50:11 EST 2004


Mati,

sorry to be a nit-picker but the firewalls performed
as a firewall should 'code-wise'.

'the wily hacker' goes in detail on why this is important
to the safety of the wall

this is "how-to lockdown a firewall 101".

the behavior is correct in that the ease in controlling the
routing is less important than having a large code set running.

the more code running the greater the odds that some author will
slip and forget to bounds check or leave something world readable.

how many routes can it be? 1/2 dozen would be a lot on a firewall.

again forgive what seems like a rant. it's just good to see a device
adhere to basic security.

/* Del Hudson Contr 61CS/SCBN */


-----Original Message-----
From: Mati Gil [mailto:mgil at servicom2000.com]
Sent: Tuesday, March 02, 2004 1:42 AM
To: Tomas Daniska; cisco-nsp at puck.nether.net
Subject: RE: [nsp] pix & ospf


By default, OSPF routing is disabled on the firewall interfaces. To enable
it use command "routing interface inside" (after configuring OSPF global
parameters, "router ospf 1"). Then, if needed, you can set
interface-specific configuration through the routing interface subcommands.

Mati
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On behalf of Tomas Daniska
Sent: Tuesday, March 02, 2004 10:15
To: cisco-nsp at puck.nether.net
Subject: [nsp] pix & ospf



hey all,

[maybe o/t but no cisco-pix list available...]

it seems to me that pix does not like ospf-learned routes from the
inside side


does anyone know if there's a trick to make the box like the routes,
other than adding similar static routes to inside?


thanks

--

Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199

A transistor protected by a fast-acting fuse will protect the fuse by
blowing first.



_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


