What commands still needed in PIX 7.x?

Unanswered Question
Jul 12th, 2007
User Badges:

Hi there,

I've read the PIX 6.x to 7.x upgrade guides but we have corporate security standards that say the following commands must be configured with our existing PIX 6.x:

- ip verify reverse-path <interface>

- fragment chain 45

- sysopt security fragguard

- floodguard enable

- ip audit info [action alarm]

- ip audit attack [action drop]

- no sysopt route dnat

Which of these command are still necessary with PIX 7.0 and which have been deprecated or enabled by default? Is this documented somewhere?

Are there any new commands that should be considered for hardening of Cisco PIX firewalls?

Thanks for your help.

Gary Freeman

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion