07-19-2007 04:20 AM - edited 03-09-2019 06:25 PM
All,
I've inherited a network with over 20 sites using PIX ver 6.X and 7.X as the border firewalls. All the VPNs between the sites are wide open and I need to lock them down. I have several months' worth of syslogs. Can anyone recommend a tool that can report on the syslogs which ports are being used on which VPNs? Preferably if they could analyze the syslog files.
Thanks
07-19-2007 05:09 AM
For a one-time effort like this, I would recommend putting the files on a Unix/Linux box and using find/grep/awk.
07-19-2007 05:47 AM
There are a ton of options out there.
http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=PIX+log+analyzer&spell=1
07-19-2007 05:58 AM
While I agree there are a lot of options out there (I have looked), I was asking for recommendations. What I really am looking for is ones that are able to present results on the IP ranges in the VPN config.
What I need is a tool that can identify matching IPs in the subnets used by the VPN ACL (i.e. 192.168.1.1 is part of the 192.168.1.0/24 range). I have a large amount of subnets carved up in various sub classes, so searching for say 192.168.1 would not cut it. The nearest I found was ManageEngine's offering, but it did not seem to work with all subnets.
Many thanks
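An added example, not part of any post in this thread: a short Python script that matches both endpoints of each logged connection against VPN ACL subnets by CIDR membership, instead of by string prefix, and counts the service ports seen per VPN. The VPN names, subnets and sample log lines are constructed, and the line shape (PIX "Built" messages 302013/302015) is an assumption about what the syslogs contain.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical VPN ACLs: name -> (local subnet, remote subnet).
VPN_ACLS = {
    "site-a": ("192.168.1.0/24", "10.20.0.0/22"),
    "site-b": ("192.168.1.0/24", "172.16.8.0/21"),
}
NETS = {k: tuple(map(ipaddress.ip_network, v)) for k, v in VPN_ACLS.items()}

# Assumed log shape: PIX "Built" messages 302013 (TCP) and 302015 (UDP).
BUILT = re.compile(
    r"%PIX-6-30201[35]: Built (inbound|outbound) (TCP|UDP) connection \d+ "
    r"for \S+?:([\d.]+)/(\d+) \([^)]*\) to \S+?:([\d.]+)/(\d+)")

def vpn_for(a, b):
    """Name of the VPN whose subnet pair contains both endpoints, else None."""
    a, b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    for name, (local, remote) in NETS.items():
        if (a in local and b in remote) or (b in local and a in remote):
            return name
    return None

def report(lines):
    """Count connections per (vpn, protocol, service port)."""
    counts = Counter()
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue
        direction, proto, ip1, p1, ip2, p2 = m.groups()
        # Assumption: first endpoint is the outside host (destination if outbound).
        port = int(p1) if direction == "outbound" else int(p2)
        vpn = vpn_for(ip1, ip2)
        if vpn:
            counts[(vpn, proto, port)] += 1
    return counts

# Constructed sample lines (not from a real firewall).
T = ("Jul 19 04:20:01 fw1 %PIX-6-{0}: Built {1} {2} connection 1001 "
     "for outside:{3} ({3}) to inside:{4} ({4})")
SAMPLE = [
    T.format(302013, "outbound", "TCP", "10.20.1.15/443", "192.168.1.37/51234"),
    T.format(302013, "outbound", "TCP", "10.20.1.15/443", "192.168.1.40/51300"),
    T.format(302013, "inbound", "TCP", "172.16.12.9/40111", "192.168.1.5/3389"),
    T.format(302015, "outbound", "UDP", "10.20.3.200/53", "192.168.1.37/50000"),
    T.format(302013, "outbound", "TCP", "10.20.4.1/80", "192.168.1.37/51301"),  # outside the /22
]
```

Passing an open syslog file to `report()` in place of `SAMPLE` gives the per-VPN port counts from which a tighter ACL can be drafted; the last sample line shows an address that a `10.20.` text search would match but the /22 does not contain.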
09-12-2007 06:43 AM
Hi,
I am posting this with a disclaimer that I am part of ManageEngine offerings.
I believe Firewall Analyzer has filters that support IPRange/CIDR. Hence your requirement could be easily achievable with that.
Maybe http://forums.adventnet.com/viewforum.php?f=61 would help you further.
Regards,
MSK