How to verify the current connections on a firewall?

saidfrh
Level 1

I am a new computer support specialist in a small company. We would like to focus on network security. How can I verify the current connections on a PIX firewall? We would like to catch malicious behavior while it's occurring. How do I inspect all the connections going through our firewall, both in and out? My focus is on anomalies and investigating them; this could include outbound FTP or inbound Telnet/SSH sessions. We have a Cisco perimeter router, which functions as the company firewall. A PIX firewall sits behind the router and its sole function is to build and terminate IPSEC tunnels. I would appreciate any advice.

Thanks.

Said

2 Replies

Jon Marshall
Hall of Fame

Hi Said

"sh crypto isa sa" will show all the IPSEC phase 1 connections to your pix.

"sh crypto ipsec sa" will show all the IPSEC phase 2 connections to your pix.

"sh conn" will show all the connections that have been allowed through your pix.

HTH

Jon
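As an added example (not part of either reply), the anomaly check Said describes can be automated over the captured output of "sh conn". The line layout below is assumed from the PIX 6.x style of "show conn" output; the sample lines and addresses are constructed, and the reading of the "B" flag as "initial SYN from outside" should be confirmed against your own PIX before relying on it.

```python
import re
from collections import namedtuple

# Assumed PIX 6.x style "show conn" line (verify against your own output):
# TCP out 209.165.201.1:80 in 10.1.1.15:1026 idle 0:00:06 Bytes 11391 flags UIO
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+out\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)"
    r"\s+in\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+)"
    r"\s+idle\s+(?P<idle>[\d:]+)\s+Bytes\s+(?P<bytes>\d+)\s+flags\s+(?P<flags>\S+)"
)

Conn = namedtuple("Conn", "proto out_ip out_port in_ip in_port idle bytes flags")

def parse_show_conn(text):
    """Return a Conn for every line matching the assumed layout; skip the rest."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            d = m.groupdict()
            conns.append(Conn(d["proto"], d["out_ip"], int(d["out_port"]),
                              d["in_ip"], int(d["in_port"]), d["idle"],
                              int(d["bytes"]), d["flags"]))
    return conns

def initiated_from_outside(conn):
    # Assumption: flag 'B' marks a connection whose initial SYN arrived on the
    # outside interface; any other TCP connection is treated as started inside.
    return "B" in conn.flags

def find_anomalies(text, outbound_ports=(21,), inbound_ports=(22, 23)):
    """Flag inside hosts opening outbound sessions to outbound_ports (FTP by
    default) and outside hosts opening inbound sessions to inbound_ports
    (SSH/Telnet by default). Returns (kind, port, source, destination)."""
    findings = []
    for c in parse_show_conn(text):
        if c.proto != "TCP":
            continue
        if initiated_from_outside(c) and c.in_port in inbound_ports:
            findings.append(("inbound", c.in_port, c.out_ip, c.in_ip))
        elif not initiated_from_outside(c) and c.out_port in outbound_ports:
            findings.append(("outbound", c.out_port, c.in_ip, c.out_ip))
    return findings

# Constructed sample of "show conn" output (documentation address ranges).
SAMPLE = """\
TCP out 209.165.201.1:80 in 10.1.1.15:1026 idle 0:00:06 Bytes 11391 flags UIO
TCP out 209.165.200.225:21 in 10.1.1.20:1040 idle 0:00:02 Bytes 312 flags UIO
TCP out 198.51.100.7:4022 in 10.1.1.5:22 idle 0:01:10 Bytes 9821 flags UIOB
UDP out 209.165.201.3:53 in 10.1.1.15:1027 idle 0:00:01 Bytes 140 flags -
"""

if __name__ == "__main__":
    for kind, port, src, dst in find_anomalies(SAMPLE):
        print(f"{kind} port {port}: {src} -> {dst}")
```

Run it against a saved capture of "sh conn" (or poll the PIX periodically) and extend the port tuples to whatever your policy says should never appear.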

flopez
Level 1

You should set up a syslog server somewhere and you can collect a lot of data. All you would need is to figure out what level of messages you want to get. Good luck.

You can get syslog software for free from the net.
