I have recently installed Pix 6.3.1 and PDM 3.0.1 for a customer. Personally, I never use PDM but my customer is keen to because he doesn't know the command line too well and there are lots of object-groups and long ACLs to administer. The first query I had was an initial screen where the PDM's not sure which interface specific names/IP addresses reside on. From an earlier posting, I believe that PDM requires a PDM location for everything and by confirming the interface, a pdm location will be built. Is this correct? Is it possible/recommended to add pdm locations manually at the CLI?
My next query is with names and object-groups. Some appeared to be missing but when I try to enter them, PDM complains that they already exist. This is no good if we want to create an additional ACL entry using the name/group.
Lastly, I have lots of null entries in my ACLs. I am not sure if this is a result of "missing" names and object-groups? Are these entries ignored when permitting/denying traffic? Also, when I expand ACL entries, some of the addresses/names/object-groups appeared to be on the wrong interface. I tried correcting the interface but then there were no groups available to select in the drop-down boxes.
To summarise, I think these problems stem from names/groups not being assigned to correct interfaces. I am looking for some guidance on how to tidy this up so that pdm can be used to manage ACLs.