Cisco Support Community
Community Member

Best practices for PIX ACL's

Installed a new PIX and want to secure both outside and inside using ACL's, etc.

Anyone know of a good doc, perhaps on the Safe site?

5 REPLIES
Community Member

Re: Best practices for PIX ACL's

I am unaware of a document like that; I can, however, give you some pointers from my experience.

1. Remember the implicit deny all

2. Be as granular in permitting traffic as you can be

3. Sometimes the best engineered solution has to bend to business needs

4. Use object groups to group subnets / hosts

5. Use the remark feature so 2 months from now you can recall why something is there

That's my .05, hope it helps.

Community Member

Re: Best practices for PIX ACL's

thanks, yes, I'll add those to my list of to-do's.

Community Member

Re: Best practices for PIX ACL's

SANS offers a course called "Working with Firewall Rule Bases". If you've been working with firewalls a long time, you may or may not find it useful, but it deals with just this sort of thing, and I think it would be very good for someone relatively inexperienced with working with firewalls. Here's a url:

http://www.sans.org/training/description.php?mid=130&portal=6239c11a87ccaa2cc1cc4e1010fe7065

Larry Owen

Gold

Re: Best practices for PIX ACL's

read rfc 2827.

and block everything from china, unless that's where you live.

google 'bogon filtering'
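
The pointers given in the replies above (object groups, remarks, granular permits, the implicit deny, RFC 2827 anti-spoofing and bogon filtering), combined in one configuration. This is an added example, not posted by anyone in the thread; it assumes PIX 7.x syntax, and every group name, ACL name and address in it is made up for illustration.

```cisco
! Constructed example, PIX 7.x syntax. Addresses are documentation ranges;
! BOGONS, WEB_SERVERS, WEB_PORTS, OUTSIDE_IN and INSIDE_OUT are hypothetical names.

! Sources that should never arrive from the Internet (not a complete bogon list).
! Adjust if the outside interface itself sits on private address space.
object-group network BOGONS
 network-object 0.0.0.0 255.0.0.0
 network-object 10.0.0.0 255.0.0.0
 network-object 127.0.0.0 255.0.0.0
 network-object 169.254.0.0 255.255.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
 network-object 224.0.0.0 224.0.0.0

! Group hosts and ports once, reference them in the ACL
object-group network WEB_SERVERS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https

access-list OUTSIDE_IN remark Drop bogon/spoofed sources before any permit
access-list OUTSIDE_IN extended deny ip object-group BOGONS any
access-list OUTSIDE_IN remark Public web servers: HTTP and HTTPS only
access-list OUTSIDE_IN extended permit tcp any object-group WEB_SERVERS object-group WEB_PORTS
! Nothing else is listed: all other inbound traffic hits the implicit deny.
access-group OUTSIDE_IN in interface outside

! RFC 2827: only packets sourced from our own subnet may leave.
! Replace "any" with specific destinations/services where business needs allow.
access-list INSIDE_OUT remark Only our own subnet may originate traffic
access-list INSIDE_OUT extended permit ip 198.51.100.0 255.255.255.0 any
access-group INSIDE_OUT in interface inside

! Reverse-path check: drop packets whose source is not routed via the arrival interface
ip verify reverse-path interface outside
ip verify reverse-path interface inside
```

After applying, `show access-list` lists per-entry hit counts, which helps confirm that the bogon deny and the permits are matching what the remarks say they should.
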

Community Member

Re: Best practices for PIX ACL's

thanks, srue. I need to go there to read up on my BGP rfc's anyway, I'll check this one as well. I'm new to mid to PIX so if I have questions, I'll post em here.
