whisperwind Wed, 09/19/2007 - 07:27

I am unaware of a document like that. I can, however, give you some pointers from my experience.

1. Remember the implicit deny all

2. Be as granular in permitting traffic as you can be

3. Sometimes the best engineered solution has to bend to business needs

4. Use object groups to group subnets / hosts

5. Use the remark feature so 2 months from now you can recall why something is there

That's my .05, hope it helps.
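The pointers above (granular permits, object groups, remarks, and an explicit deny at the bottom) as one rule base. This is an added example in PIX 7.x / ASA syntax, not something posted in the thread; the object-group names, the documentation ranges 192.0.2.0/24 and 203.0.113.0/24 (standing in for a public DMZ and a partner network) and the change ticket numbers are all assumed.

```cisco
! Added example, PIX 7.x / ASA syntax. Addresses and names are assumed.
! Object groups keep the ACL readable and make later changes a one-line edit.
object-group network DMZ_WEB
 network-object host 192.0.2.10
 network-object host 192.0.2.11
object-group network PARTNER_NET
 network-object 203.0.113.0 255.255.255.0
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
! Every permit gets a remark: ticket, date, owner, and an expiry where one exists.
access-list OUTSIDE_IN remark CHG-0000 2007-09-19 public web farm, owner: web team
access-list OUTSIDE_IN extended permit tcp any object-group DMZ_WEB object-group WEB_PORTS
access-list OUTSIDE_IN remark CHG-0000 partner SSH to 192.0.2.20 only, review 2008-01-01
access-list OUTSIDE_IN extended permit tcp object-group PARTNER_NET host 192.0.2.20 eq 22
! The implicit deny would drop everything else anyway; writing it out with "log"
! puts the drops in syslog so you can see what is knocking on the door.
access-list OUTSIDE_IN remark explicit deny so the drops show in syslog
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

Note that `show access-list OUTSIDE_IN` prints hit counts per entry, which is the quickest way to spot a rule that has not matched anything in months and is a candidate for removal.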

dgalati000 Wed, 09/19/2007 - 07:31

thanks, yes, I'll add those to my list of to-do's.

lowen Wed, 09/19/2007 - 11:29

SANS offers a course called "Working with Firewall Rule Bases". If you've been working with firewalls a long time, you may or may not find it useful, but it deals with just this sort of thing, and I think it would be very good for someone relatively inexperienced with working with firewalls. Here's a URL:

Larry Owen

srue Wed, 09/19/2007 - 11:33
User Badges:
  • Blue, 1500 points or more

read rfc 2827.

and block everything from china, unless that's where you live.

google 'bogon filtering'
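What RFC 2827 (ingress/egress filtering against spoofed sources) and bogon filtering look like on a PIX. This is an added example in PIX 7.x / ASA syntax, not from the thread; 198.51.100.0/24 stands in for your own public block and 10.1.0.0/16 for the inside network, both assumed. The deny lines must sit above every permit, because the PIX stops at the first match.

```cisco
! Added example, PIX 7.x / ASA syntax. 198.51.100.0/24 = our public block (assumed),
! 10.1.0.0/16 = inside network (assumed).
!
! 1. Inbound (RFC 2827 ingress): a packet arriving on the outside can never
!    legitimately carry our own address, loopback, link-local, multicast or
!    RFC 1918 space as its source. Drop and log it before any permit.
access-list OUTSIDE_IN remark RFC 2827 anti-spoofing and bogons, keep above all permits
access-list OUTSIDE_IN extended deny ip 198.51.100.0 255.255.255.0 any log
access-list OUTSIDE_IN extended deny ip 10.0.0.0 255.0.0.0 any log
access-list OUTSIDE_IN extended deny ip 172.16.0.0 255.240.0.0 any log
access-list OUTSIDE_IN extended deny ip 192.168.0.0 255.255.0.0 any log
access-list OUTSIDE_IN extended deny ip 127.0.0.0 255.0.0.0 any log
access-list OUTSIDE_IN extended deny ip 0.0.0.0 255.0.0.0 any log
access-list OUTSIDE_IN extended deny ip 169.254.0.0 255.255.0.0 any log
access-list OUTSIDE_IN extended deny ip 224.0.0.0 240.0.0.0 any log
! ... your permits go here ...
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! 2. Outbound (RFC 2827 egress): hosts on the inside may only source packets
!    from the inside range, so a compromised box cannot spoof someone else.
access-list INSIDE_OUT remark RFC 2827 egress filter
access-list INSIDE_OUT extended permit ip 10.1.0.0 255.255.0.0 any
access-list INSIDE_OUT extended deny ip any any log
access-group INSIDE_OUT in interface inside
!
! 3. Unicast RPF on the outside: drop any packet whose source address the
!    routing table says lives behind a different interface.
ip verify reverse-path interface outside
```

The entries above cover the addresses that never belong on the public Internet. A full bogon list also contains prefixes that are merely unallocated today, and those get allocated over time, so if you add them, take them from a maintained source (Team Cymru publishes one) and schedule a review, or you will eventually drop legitimate traffic.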

dgalati000 Thu, 09/20/2007 - 06:10

thanks, srue. I need to go there to read up on my BGP RFCs anyway; I'll check this one as well. I'm new to mid to PIX, so if I have questions, I'll post 'em here.
