How to verify the current connections on a firewall?

Unanswered Question
Oct 26th, 2007
User Badges:

I am a new computer support specialist in a small company. We would like to focus on network security. How can I verify the current connections on a PIX firewall? We would like catch malicious behavior while it's occurring. How do I inspect all the connections going through our firewall - both in and out. My focus is on anomalies and investigate them; this could include outbound FTP or inbound Telnet/SSH sessions. We have a Cisco perimeter router, which functions as the company firewall. A PIX firewall sits behind the router and its sole function is to build and terminate IPSEC tunnels. I would appreciate any advise.


Thanks.

Said

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Mon, 10/29/2007 - 02:27
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Said


"sh crypto isa sa" will show all the IPSEC phase 1 connections to your pix.


"sh crypto ipsec sa" will show all the IPSEC phase 2 connections to your pix.


"sh conn" will show all the connections that have been allowed through your pix.


HTH


Jon

Actions

This Discussion