Cisco Support Community
New Member

DNS Loophole fix for PIX 515e

With the current problem with DNS (allowing redirection to a phishing site), I was wondering if the upgrade to V7 would also have a patch for this?

Cisco PIX Firewall Version 6.3(5)

Cisco PIX Device Manager Version 3.0(1)

Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz

Any ideas? Many thanks.

New Member

Re: DNS Loophole fix for PIX 515e

Depends on what you are thinking a 'fix' is.

Version 7 has the id-randomization feature, which you can do on your DNS server anyway. If you have a 1-to-1 static with your DNS server, you can utilize random source ports from your DNS server with no firewall intervention. If you have a recursive DNS server going through a PAT address, then there is the problem of source port randomization becoming serialized, which version 7 does not seem to help with, and for which there does not seem to be a workaround.

I've got a similar question posed as well:
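The point in the reply above is that the resolver's own source port randomization only helps if the firewall preserves it: a 1-to-1 static passes the inside port through, while PAT hands out its own ports in order. The script below is an added example, not code from the thread or from Cisco, that models both translations and then runs the kind of check a practitioner would run on ports captured on the outside interface. The port lists, the assumed sequential PAT allocator starting at 1024, and the GOOD/FAIR/POOR thresholds are all constructed for illustration.

```python
"""Check whether DNS source ports seen past the firewall are still random,
or whether PAT has collapsed them into a serial sequence.

Added example; not from the forum thread or Cisco. The PAT model, the
sample ports and the verdict thresholds are assumptions for illustration.
"""
import math
import statistics
from typing import Dict, List

# Constructed sample: 24 source ports a patched recursive resolver might
# choose for consecutive outbound queries (random within the ephemeral range).
RESOLVER_PORTS: List[int] = [
    53122, 2079, 40917, 61404, 12558, 33210, 7711, 58093,
    24670, 45389, 1501, 62938, 19864, 38012, 9347, 51276,
    30988, 14205, 57731, 4462, 43150, 27804, 64019, 36587,
]


def static_translate(ports: List[int]) -> List[int]:
    """1-to-1 static NAT: only the address is rewritten, ports pass through."""
    return list(ports)


def pat_translate(ports: List[int], first_port: int = 1024) -> List[int]:
    """Assumed PAT behaviour: each new session gets the next free port in
    order, regardless of the inside source port. This is the serialization
    the reply describes; the starting port is an assumption."""
    return [first_port + i for i in range(len(ports))]


def sequential_fraction(ports: List[int]) -> float:
    """Share of adjacent query pairs whose port differs by exactly 1."""
    if len(ports) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1)
    return steps / (len(ports) - 1)


def spread_bits(ports: List[int]) -> float:
    """log2 of the span actually used: a rough upper bound on port entropy."""
    return math.log2(max(ports) - min(ports) + 1)


def assess(ports: List[int]) -> Dict[str, object]:
    """Score a list of observed source ports. Thresholds are assumptions
    chosen for this example, not a published standard."""
    sd = statistics.pstdev(ports)
    seq = sequential_fraction(ports)
    bits = spread_bits(ports)
    if seq >= 0.5 or bits < 10:
        verdict = "POOR"   # serial allocation or a tiny port window
    elif sd < 4000:
        verdict = "FAIR"   # random-ish but clustered in a narrow band
    else:
        verdict = "GOOD"
    return {
        "stddev": round(sd, 1),
        "sequential_fraction": round(seq, 2),
        "spread_bits": round(bits, 1),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, seen in (
        ("resolver itself", RESOLVER_PORTS),
        ("through 1-to-1 static", static_translate(RESOLVER_PORTS)),
        ("through PAT", pat_translate(RESOLVER_PORTS)),
    ):
        print(f"{label:24s} {assess(seen)}")
```

To use this against a real firewall, replace RESOLVER_PORTS with the UDP source ports of the resolver's outbound queries as captured on the outside interface (or as reported by an external port-randomization test); the PAT case is what the reply says version 7 does not fix.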
