How to verify the current connections on a firewall?

Unanswered Question
Oct 26th, 2007

I am a new computer support specialist in a small company. We would like to focus on network security. How can I verify the current connections on a PIX firewall? We would like to catch malicious behavior while it's occurring. How do I inspect all the connections going through our firewall, both in and out? My focus is on anomalies and investigating them; this could include outbound FTP or inbound Telnet/SSH sessions. We have a Cisco perimeter router, which functions as the company firewall. A PIX firewall sits behind the router and its sole function is to build and terminate IPSEC tunnels. I would appreciate any advice.



Jon Marshall Mon, 10/29/2007 - 02:27

Hi Said

"sh crypto isa sa" will show all the IPSEC phase 1 connections to your pix.

"sh crypto ipsec sa" will show all the IPSEC phase 2 connections to your pix.

"sh conn" will show all the connections that have been allowed through your pix.
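An added example, not from this thread or from Cisco: a small Python script that takes captured `sh conn` output and flags the anomalies Said asked about (outbound FTP, inbound Telnet/SSH). The `show conn` line layout and the meaning of the `B` flag (initial SYN from the outside interface) are assumed from PIX 6.x documentation, and the sample lines are constructed.

```python
import re

# Assumed PIX 6.x "show conn" line layout (an assumption, not taken from the thread):
#   TCP out <outside-ip>:<port> in <inside-ip>:<port> idle h:mm:ss [Bytes N] [flags X]
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+out\s+(?P<oaddr>[\d.]+):(?P<oport>\d+)"
    r"\s+in\s+(?P<iaddr>[\d.]+):(?P<iport>\d+)\s+idle\s+(?P<idle>\S+)"
    r"(?:\s+Bytes\s+(?P<bytes>\d+))?(?:\s+flags\s+(?P<flags>\S+))?"
)

# Flag "B" marks a session whose initial SYN arrived on the outside interface,
# i.e. an inbound-initiated connection (assumed PIX flag semantics).
WATCHED_INBOUND = {22: "SSH", 23: "Telnet"}   # inside destination ports
WATCHED_OUTBOUND = {21: "FTP"}                # outside destination ports

def parse_conn(line):
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    c = m.groupdict()
    c["oport"], c["iport"] = int(c["oport"]), int(c["iport"])
    c["bytes"] = int(c["bytes"]) if c["bytes"] else 0
    c["flags"] = c["flags"] or ""
    c["inbound"] = "B" in c["flags"]
    return c

def flag_anomalies(text):
    """Return a list of (line, reason) for TCP sessions on the watch lists."""
    findings = []
    for line in text.splitlines():
        c = parse_conn(line)
        if not c or c["proto"] != "TCP":
            continue
        if c["inbound"] and c["iport"] in WATCHED_INBOUND:
            reason = f"inbound {WATCHED_INBOUND[c['iport']]} from {c['oaddr']} to {c['iaddr']}"
        elif not c["inbound"] and c["oport"] in WATCHED_OUTBOUND:
            reason = f"outbound {WATCHED_OUTBOUND[c['oport']]} from {c['iaddr']} to {c['oaddr']}"
        else:
            continue
        findings.append((line.strip(), reason))
    return findings

# Constructed sample output; addresses are documentation ranges, not real hosts.
SAMPLE = """\
TCP out 209.165.201.1:80 in 10.3.3.4:1404 idle 0:00:00 Bytes 11391 flags UIO
TCP out 203.0.113.9:21 in 10.3.3.15:2231 idle 0:00:12 Bytes 820 flags UIO
TCP out 198.51.100.7:4412 in 10.3.3.2:22 idle 0:00:03 Bytes 1420 flags UIOB
UDP out 209.165.201.2:53 in 10.3.3.4:1024 idle 0:00:01 flags -
"""
```

Paste the real `sh conn` output in place of `SAMPLE` and call `flag_anomalies(SAMPLE)`; the watch lists are the place to add whatever else counts as unusual on your network.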