07-16-2003 07:22 PM - edited 02-20-2020 10:51 PM
Our PIX logs are loaded with deny reports regarding UDP port 137 traffic coming from our Win Servers; it's making it difficult at times to spot other deny messages we need to be investigating.
Disabling NetBIOS over TCP/IP on the Servers is unfortunately not an option for us in this particular VLAN. The underlying infrastructure is a Catalyst 6500 Switch and we are wondering if there is a way, using its feature set, to filter the traffic inbound to the PIX's port. We would like to block UDP/137 at the port therefore dropping the unwanted packets before the PIX even sees them.
We've looked into VACLs but are only aware of their ability to ACL on MAC address, not higher level traffic. Being that this PIX interface and the Servers are in the same Layer2 VLAN, we don't have a Layer3 interface we can leverage to apply an ACL to.
Is anyone else dealing with this issue? Any suggestions?
07-16-2003 11:12 PM
Hi,
To make the logging of NetBIOS disappear, you have the possibility to create an access list entry that matches the NetBIOS traffic and disables logging for that entry. At the end of the access-list entry just add "log disable".
This feature requires PIX OS v6.3.
Kind Regards,
Tom
07-16-2003 11:43 PM
Hi,
I have the same problem with PIX 6.2.
Any ideas?
07-17-2003 04:14 AM
Thank you for your information, Tom!
We plan to take your advice and upgrade to 6.3 in order to implement this solution.
Thanks again!
Craig
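Added example (not part of the thread and not Cisco code): a review-side way to separate the UDP/137 deny noise described in the original question from the other deny messages in logs that have already been collected. The message shape (syslog ID 106023), the interface and access-group names, and all sample lines are assumptions constructed for illustration; the thread does not show an actual log line.

```python
import re
from collections import Counter

# Assumed message shape: PIX syslog 106023 (deny by access-group).
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>\w+) "
    r"src (?P<sif>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# Constructed sample lines (addresses and names are placeholders).
SAMPLE_LOG = """\
Jul 16 2003 19:20:01: %PIX-4-106023: Deny udp src inside:10.1.1.21/137 dst outside:10.1.1.255/137 by access-group "inside_in"
Jul 16 2003 19:20:02: %PIX-4-106023: Deny tcp src inside:10.1.1.30/3412 dst outside:192.0.2.80/25 by access-group "inside_in"
Jul 16 2003 19:20:03: %PIX-4-106023: Deny udp src inside:10.1.1.22/137 dst outside:10.1.1.255/137 by access-group "inside_in"
Jul 16 2003 19:20:04: %PIX-4-106023: Deny udp src inside:10.1.1.21/137 dst outside:10.1.1.255/137 by access-group "inside_in"
Jul 16 2003 19:20:05: %PIX-4-106023: Deny udp src inside:10.1.1.30/1030 dst outside:192.0.2.53/53 by access-group "inside_in"
"""


def is_netbios_ns(match):
    """True only for a positively parsed UDP deny to destination port 137."""
    return match["proto"] == "udp" and match["dport"] == "137"


def triage(lines):
    """Return (noise, keep): UDP/137 denies counted per source IP, and every
    other line untouched. Lines that do not parse are kept, never hidden."""
    noise = Counter()
    keep = []
    for line in lines:
        m = DENY_RE.search(line)
        if m and is_netbios_ns(m):
            noise[m["src"]] += 1
        elif line.strip():
            keep.append(line.strip())
    return noise, keep


if __name__ == "__main__":
    noise, keep = triage(SAMPLE_LOG.splitlines())
    print("UDP/137 denies suppressed, by source:")
    for src, count in noise.most_common():
        print(f"  {src}: {count}")
    print("Deny messages left to review:")
    for line in keep:
        print("  " + line)
```

The per-source count keeps the suppressed traffic visible as a summary, so a server that suddenly stops or multiplies its UDP/137 denies still stands out.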