I have an extended ACE configured on a PIX Firewall. The purpose of the Firewall is a choke point coming off of the customer's DMZ into the Production networks.
There are a couple of hosts on networks inside of the Firewall that hosts in the DMZ need access to.
I have configured the ACE based upon sniffer traces which are giving me the destination ports being sought.
For whatever reason, when I do a show access-list command, I do not see the hit counts incrementing for the ports I have opened, even though I know the traffic is making it through based upon the data captured in the sniffer.
Here is an example statement:
access-list outside_inside line 34 extended permit tcp host 172.16.1.8 eq 445 host 198.100.100.147 (hitcnt=0).
Based upon the app launched on the DMZ box, and the traffic captured in the sniffer, this ACE statement should have a hit.
I have tried launching the application over and over in an attempt to see the hit count increment, but to no avail.
I would think that maybe I had these statements configured incorrectly, but I don't think that is the case either.
Any suggestions welcome.
Thank You.
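A small audit helper, added here as an example and not part of the post, that parses show access-list output the way the PIX reads it, with each port operator bound to the address spec immediately before it, and flags ACEs whose only port operator sits on the source side. The sample output is constructed; line 34 is the ACE from the post and line 35 is a constructed variant with the operator on the destination.

```python
import re

# Constructed "show access-list" output: line 34 is the ACE quoted in the post,
# line 35 is a constructed variant with the port operator on the destination.
SAMPLE_OUTPUT = """\
access-list outside_inside line 34 extended permit tcp host 172.16.1.8 eq 445 host 198.100.100.147 (hitcnt=0)
access-list outside_inside line 35 extended permit tcp host 172.16.1.8 host 198.100.100.147 eq 445 (hitcnt=17)
"""

PORT_OPS = {"eq", "gt", "lt", "neq", "range"}
HEADER = re.compile(r"access-list (\S+)(?: line (\d+))? extended (permit|deny) "
                    r"(\S+) (.*?)(?: \(hitcnt=(\d+)\))?$")

def _take_addr(tokens):
    """Consume one address spec: 'host A', 'any', or 'NET MASK'."""
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    if tokens[0] == "any":
        return "any", tokens[1:]
    return tokens[0] + " " + tokens[1], tokens[2:]

def _take_port(tokens):
    """Consume an optional port operator ('eq 445', 'range 1024 65535')."""
    if tokens and tokens[0] in PORT_OPS:
        n = 3 if tokens[0] == "range" else 2
        return " ".join(tokens[:n]), tokens[n:]
    return None, tokens

def parse_ace(line):
    """Split one extended ACE into fields. A port operator binds to the address
    spec just before it: source address first, then destination address."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not an extended ACE: " + line)
    acl, lineno, action, proto, body, hits = m.groups()
    src, rest = _take_addr(body.split())
    src_port, rest = _take_port(rest)
    dst, rest = _take_addr(rest)
    dst_port, rest = _take_port(rest)
    return {"acl": acl, "line": int(lineno) if lineno else None, "action": action,
            "proto": proto, "src": src, "src_port": src_port, "dst": dst,
            "dst_port": dst_port, "hitcnt": int(hits) if hits is not None else None}

def source_port_only(output):
    """Line numbers of ACEs whose only port operator sits on the source side.
    Clients connect from an ephemeral source port, so such an ACE does not match
    sessions *to* that port and its hitcnt stays at 0."""
    aces = [parse_ace(raw) for raw in output.splitlines() if raw.strip()]
    return [a["line"] for a in aces if a["src_port"] and not a["dst_port"]]
```

Run source_port_only over the real show access-list output to list every ACE that can only match on a client's source port.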