Cisco Support Community

New Member

How to verify the current connections on a firewall?

I am a new computer support specialist in a small company. We would like to focus on network security. How can I verify the current connections on a PIX firewall? We would like to catch malicious behavior while it's occurring. How do I inspect all the connections going through our firewall, both in and out? My focus is on anomalies and investigating them; this could include outbound FTP or inbound Telnet/SSH sessions. We have a Cisco perimeter router, which functions as the company firewall. A PIX firewall sits behind the router and its sole function is to build and terminate IPSEC tunnels. I would appreciate any advice.

Thanks.

Said

2 REPLIES
Hall of Fame Super Blue

Re: How to verify the current connections on a firewall?

Hi Said

"sh crypto isa sa" will show all the IPSEC phase 1 connections to your pix.

"sh crypto ipsec sa" will show all the IPSEC phase 2 connections to your pix.

"sh conn" will show all the connections that have been allowed through your pix.

HTH

Jon

New Member

Re: How to verify the current connections on a firewall?

You should set up a syslog server somewhere, and you can collect a lot of data. All you would need is to figure out what level of messages you want to get. Good luck.

You can get syslog software for free from the net.
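Once the syslog feed from the second reply is in place, the anomalies the original poster named (outbound FTP, inbound Telnet/SSH) can be picked out of the PIX "Built ... TCP connection" messages. The following is an added example, not code from the thread or from Cisco; it assumes the message 302013 layout "for iface:addr/port (mapped) to iface:addr/port (mapped)", interface names `outside`/`inside`, and the sample log lines are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# PIX/ASA message 302013 "Built {inbound|outbound} TCP connection"; the field
# layout (for iface:addr/port (mapped) to iface:addr/port (mapped)) is assumed.
CONN_RE = re.compile(
    r"%(?:PIX|ASA)-\d-302013: Built (?P<dir>inbound|outbound) TCP connection \d+ "
    r"for (?P<if1>\w+):(?P<ip1>[\d.]+)/(?P<p1>\d+) \([\d.]+/\d+\) "
    r"to (?P<if2>\w+):(?P<ip2>[\d.]+)/(?P<p2>\d+) \([\d.]+/\d+\)"
)

# Anomalies named in the question: (direction, interface hosting the server, port).
WATCH: Dict[Tuple[str, str, int], str] = {
    ("outbound", "outside", 21): "outbound FTP",
    ("inbound", "inside", 23): "inbound Telnet",
    ("inbound", "inside", 22): "inbound SSH",
}

def parse_conn(line: str) -> Optional[Dict[str, object]]:
    """Return direction plus both endpoints of a 302013 line, or None if not one."""
    m = CONN_RE.search(line)
    if not m:
        return None
    return {
        "direction": m["dir"],
        "endpoints": [(m["if1"], m["ip1"], int(m["p1"])),
                      (m["if2"], m["ip2"], int(m["p2"]))],
    }

def find_anomalies(lines: List[str]) -> List[str]:
    """Return one finding per connection-build message that matches a WATCH rule."""
    findings = []
    for line in lines:
        conn = parse_conn(line)
        if conn is None:
            continue  # teardown, deny or unrelated message: nothing to check here
        for iface, ip, port in conn["endpoints"]:
            label = WATCH.get((conn["direction"], iface, port))
            if label:
                findings.append(f"{label} to {iface}:{ip}/{port}")
    return findings

# Constructed sample syslog lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    "%PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/21 (198.51.100.7/21) to inside:192.168.10.5/40122 (203.0.113.2/40122)",
    "%PIX-6-302013: Built inbound TCP connection 102 for outside:198.51.100.9/51002 (198.51.100.9/51002) to inside:192.168.10.8/22 (203.0.113.8/22)",
    "%PIX-6-302013: Built outbound TCP connection 103 for outside:198.51.100.20/443 (198.51.100.20/443) to inside:192.168.10.5/40123 (203.0.113.2/40123)",
    "%PIX-6-302014: Teardown TCP connection 103 for outside:198.51.100.20/443 to inside:192.168.10.5/40123 duration 0:00:05 bytes 1200 TCP FINs",
]

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(finding)
```

The WATCH table is the place to extend the policy; the HTTPS line and the teardown line in the sample produce no finding.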
