Conduits Allow Access. Routes Dont. Is this a Good Practice?
I have to allow FTP access to my 172.16.1.X network. Outside IPs are 22.214.171.124, 126.96.36.199 and 188.8.131.52.
My single conduit statement allow the whole 1.1.1.X to access my FTP Server but I have added routes only for the above 1.1.1.X machines. I think by keeping my conduit list small (using one conduit for 1.1.1.x instead of three), I am saving processor-cycles on firewall and improving packet latency. Is this thinking appropriate?
Re: Conduits Allow Access. Routes Dont. Is this a Good Practice?
the PIX firewall OS is an optimized platform for handling security. I am not a cisco pix developper but I don't believe that adding two more lines to your pix config will slow it down. So I should choose for two extra lines. Of course performance is an important issue, but on a pix, security should always come first. That's my opinion.
(By the way, cisco is moving towards using the 'access-lists' command instead of the 'conduit' command)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...