07-19-2007 04:20 AM - edited 03-09-2019 06:25 PM
All,
I've inherited a network with over 20 sites using PIX ver 6.X and 7.X as the border firewalls. All the VPNs between the sites are wide open and I need to lock them down. I have several months' worth of syslogs. Can anyone recommend a tool that can report on the syslogs which ports are being used on which VPNs? Preferably if they could analyze the syslog files.
thanks
07-19-2007 05:09 AM
For a onetime effort like this, I would recommend putting the files on a unix/linux box and using find/grep/awk.
07-19-2007 05:47 AM
There are a ton of options out there.
http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=PIX+log+analyzer&spell=1
07-19-2007 05:58 AM
While I agree there are a lot of options out there (I have looked), I was asking for recommendations. What I really am looking for is ones that are able to present results on the IP ranges in the VPN config.
What I need is a tool that can identify matching IPs in the subnets used by the VPN ACL (i.e. 192.168.1.1 is part of the 192.168.1.0/24 range). I have a large amount of subnets carved up in various sub classes, so searching for say 192.168.1 would not cut it. The nearest I found was ManageEngine's offering but it did not seem to work with all subnets.
many thanks
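Added example, not part of any post in this thread: one way to get the per-VPN port report asked for above, using real CIDR membership instead of text prefixes. The tunnel names, subnets and log lines are constructed, and the line shape is an assumption modelled on the PIX 302013/302015 "Built" connection messages.

```python
import ipaddress
import re
from collections import Counter

# Constructed crypto-ACL pairs (local subnet, remote subnet) per tunnel; replace with your own.
VPNS = {
    "siteA-siteB": ("192.168.1.0/24", "10.20.0.0/22"),
    "siteA-siteC": ("192.168.1.0/24", "10.20.4.0/23"),
}
NETS = [(n, ipaddress.ip_network(a), ipaddress.ip_network(b)) for n, (a, b) in VPNS.items()]

# Assumed line shape: "Built <dir> <proto> connection N for if:ip/port (..) to if:ip/port (..)".
BUILT = re.compile(
    r"%PIX-6-30201[35]: Built (inbound|outbound) (TCP|UDP) connection \d+ for "
    r"\S+?:([\d.]+)/(\d+) \([^)]*\) to \S+?:([\d.]+)/(\d+)")

def match_vpn(ip1, ip2):
    """Return the tunnel whose subnet pair contains both addresses, in either order."""
    a, b = ipaddress.ip_address(ip1), ipaddress.ip_address(ip2)
    for name, n1, n2 in NETS:
        if (a in n1 and b in n2) or (a in n2 and b in n1):
            return name
    return None

def report(lines):
    """Count (tunnel, protocol, service port) over an iterable of syslog lines."""
    counts = Counter()
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue
        direction, proto, ip1, port1, ip2, port2 = m.groups()
        vpn = match_vpn(ip1, ip2)
        if vpn:
            # Assumption: the first endpoint is the server for outbound, the client for inbound.
            port = int(port1 if direction == "outbound" else port2)
            counts[(vpn, proto, port)] += 1
    return counts

# Constructed sample lines, not taken from a real firewall.
SAMPLE = [
    "%PIX-6-302013: Built outbound TCP connection 1001 for outside:10.20.1.15/445 (10.20.1.15/445) to inside:192.168.1.10/1044 (192.168.1.10/1044)",
    "%PIX-6-302013: Built outbound TCP connection 1002 for outside:10.20.3.200/445 (10.20.3.200/445) to inside:192.168.1.11/1051 (192.168.1.11/1051)",
    "%PIX-6-302013: Built outbound TCP connection 1003 for outside:10.20.5.9/3389 (10.20.5.9/3389) to inside:192.168.1.10/1045 (192.168.1.10/1045)",
    "%PIX-6-302015: Built inbound UDP connection 1004 for outside:10.20.2.7/1029 (10.20.2.7/1029) to inside:192.168.1.5/53 (192.168.1.5/53)",
    "%PIX-6-302013: Built outbound TCP connection 1005 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:192.168.1.10/1050 (192.168.1.10/1050)",
]
if __name__ == "__main__":
    for key, n in sorted(report(SAMPLE).items()):
        print(*key, n)
```

To run it over archived logs, pass an open file object to `report()` in place of `SAMPLE`; the resulting counts are the candidate permit entries for each tunnel's ACL.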
09-12-2007 06:43 AM
Hi,
I am posting this with a disclaimer that I am part of ManageEngine offerings.
I believe Firewall Analyzer has filters that support IPRange/CIDR. Hence your requirement could be easily achievable with that.
Maybe http://forums.adventnet.com/viewforum.php?f=61 would help you further.
regards,
MSK