Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
421
Views
0
Helpful
1
Replies

What commands still needed in PIX 7.x?

gtfree
Level 1
Level 1

‎07-12-2007 08:05 AM - edited ‎03-11-2019 03:43 AM

Hi there,

I've read the PIX 6.x to 7.x upgrade guides but we have corporate security standards that say the following commands must be configured with our existing PIX 6.x:

- ip verify reverse-path <interface>

- fragment chain 45

- sysopt security fragguard

- floodguard enable

- ip audit info [action alarm]

- ip audit attack [action drop]

- no sysopt route dnat

Which of these command are still necessary with PIX 7.0 and which have been deprecated or enabled by default? Is this documented somewhere?

Are there any new commands that should be considered for hardening of Cisco PIX firewalls?

Thanks for your help.

Gary Freeman

Labels:
0 Helpful
1 Reply 1

JORGE RODRIGUEZ
Level 10
Level 10

‎07-15-2007 07:42 AM

Gary, here are the answers to your questions.Check this link for changes and deprecated commands when upgrading from 6.x to 7.x .. good luck.

http://www.cisco.com/en/US/docs/security/asa/asa70/pix_upgrade/upgrade/guide/pixupgrd.html

HTH

Jorge

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card