I've read the PIX 6.x to 7.x upgrade guides but we have corporate security standards that say the following commands must be configured with our existing PIX 6.x:
- ip verify reverse-path <interface>
- fragment chain 45
- sysopt security fragguard
- floodguard enable
- ip audit info [action alarm]
- ip audit attack [action drop]
- no sysopt route dnat
Which of these command are still necessary with PIX 7.0 and which have been deprecated or enabled by default? Is this documented somewhere?
Are there any new commands that should be considered for hardening of Cisco PIX firewalls?
Thanks for your help.