
PIX Conversation logging versus Checkpoint

Unanswered Question
Jul 24th, 2002

We are in the middle of comparing PIX (6.x) and Checkpoint for purchase. So far PIX is winning on speed and configurability, but losing on GUI and troubleshooting. I would like to fix that if I could be pointed to the right docs on troubleshooting in the PIX. The Checkpoint GUI lets me see a near real time log of accepts and more importantly rejects (with the rejected rule number) of conversations between internal and external hosts. Can the PIX provide a logging function similar to that? I was thinking along the lines of log facility to syslog and I could grep through the log for what I needed. Basically - source ip\port -> dest ip\port accept or reject. Any pointers would help me move the troubleshooting category over to the PIX side.

mike.pacheco Wed, 07/24/2002 - 18:14

I do have a dedicated syslog server for use. The problem is I don't have a PIX yet - we are outgrowing our Nokia IP330/Checkpoint combo - we have to upgrade and now is the perfect time to look at the two products (Nokia IP650/Checkpoint and PIX 525), compare them and decide which one to go with - I like the PIX on paper but I need to prove why before management will buy off on the change. In troubleshooting on the Checkpoint box I can see packets being rejected and the port they are on to troubleshoot an application issue. If I log the PIX to syslog can I see accepts and rejects in the logs and what would they look like? The doc you listed mentions the ability to web publish a capture -any screen shots of what that would look like?

i.e.: Often an application programmer will tell me that he can't test the app he is working on through the firewall, they will not give any specifics, just that it doesn't work. I filter the log to watch for rejects only from the internal host, find the port it is rejecting on in the firewall log and open the port from that host to the external side. Would I have to create a generic "reject" capture rule on the PIX to see this - or can I see it in syslog entries?
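The workflow described above (filter the syslog feed for rejects from one internal host and read off the destination port) as a small parser, added here as an example and not part of the original thread. The log lines are constructed samples; the message layouts assumed are the documented PIX/ASA syslog IDs 106023 (ACL deny) and 302013 (connection built), and the hostname, interface names, ACL name and addresses are made up.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the forum post). Layouts follow the
# documented PIX/ASA message IDs 106023 (deny by access-group) and 302013 (built).
SAMPLE_LOG = """\
Jul 24 2002 18:14:01 fw1 %PIX-6-302013: Built outbound TCP connection 1201 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.1.1.5/33211 (198.51.100.2/1025)
Jul 24 2002 18:14:03 fw1 %PIX-4-106023: Deny tcp src inside:10.1.1.5/33212 dst outside:203.0.113.10/8443 by access-group "inside_in"
Jul 24 2002 18:14:04 fw1 %PIX-4-106023: Deny udp src inside:10.1.1.7/5000 dst outside:203.0.113.20/514 by access-group "inside_in"
Jul 24 2002 18:14:05 fw1 %PIX-4-106023: Deny tcp src inside:10.1.1.5/33213 dst outside:203.0.113.10/8443 by access-group "inside_in"
"""

# Pattern for the 106023 deny message: protocol, source and destination
# interface:ip/port pairs, and the ACL that produced the deny.
DENY_RE = re.compile(
    r'%PIX-\d-106023: Deny (?P<proto>\w+) src (?P<sif>\w+):(?P<sip>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>\w+):(?P<dip>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"'
)


def parse_denies(log_text):
    """Return one dict per ACL-deny (106023) line; other message IDs are ignored."""
    denies = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            d = m.groupdict()
            d["sport"] = int(d["sport"])
            d["dport"] = int(d["dport"])
            denies.append(d)
    return denies


def denied_ports_for_host(log_text, host):
    """Count denies from one internal source host, keyed by (proto, dst ip, dst port, acl).

    This is the 'rejects only from the internal host' filter: the keys tell you
    which destination port the host is being blocked on and by which ACL.
    """
    counts = Counter()
    for d in parse_denies(log_text):
        if d["sip"] == host:
            counts[(d["proto"], d["dip"], d["dport"], d["acl"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in denied_ports_for_host(SAMPLE_LOG, "10.1.1.5").items():
        proto, dip, dport, acl = key
        print(f"{proto} -> {dip}/{dport} denied {n}x by ACL {acl}")
```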
