Cisco Support Community

New Member

PDM _real extension

I just started PDM on a production PIX that I had to take over, and I can see a lot of objects with a _real and _real2 extension. I can't seem to find anything in the PDM doc about those objects, which seem to be a duplication of existing objects. What are they?

Please don't laugh, I am much more comfortable with a Checkpoint firewall...

  • Other Security Subjects
4 REPLIES
Gold

Re: PDM _real extension

Just wondering if both _real and _real2 refer to the same IP address. If they are not the same, then I guess one is a private IP and the other one is a public IP.

If my assumption is correct, it's normal, as defining objects in PIX is different from Checkpoint. With PIX, an object is more like an IP address. Thus, given a PC with two IPs, you would need to create two objects for the PC.

New Member

Re: PDM _real extension

It is the same object name (and same IP), just with a tag added to it. As if, in doubt, the system duplicated the object.

Here for fun, all references to a group:

Notice the reference option in the PDM definition.

object-group network INSIDE_SRV_DC-EXCHANGE
 description Ensemble des serveurs requis pour le service OWA
 network-object host LEGRECO
 network-object host RENOIR
 network-object host CLLEXC01
 network-object host MONET
 network-object host SMAI50001P
 network-object host SMAI50002P
 network-object host SBQMAIL1
 network-object host NTERSYS03
 network-object host HLLEXC1
 network-object host CLLEXC02
 network-object host SCQEXC02
 network-object host MTLEXC02
 network-object host MTLEXC03
 network-object host CHAEXC01
 network-object host CHAEXCH02
 network-object host SLVQ-MSX
 network-object host SDOM50001P
 network-object host SMAI50015P
 network-object host SDOM50002P-LQ
 network-object host SDOM50003P-LQ
 network-object host SDOM50004P-500
 network-object host SDOM50002P-500

object-group network INSIDE_SRV_DC-EXCHANGE_real
 description Ensemble des serveurs requis pour le service OWA
 network-object LEGRECO 255.255.255.255
 network-object RENOIR 255.255.255.255
 network-object CLLEXC01 255.255.255.255
 network-object MONET 255.255.255.255
 network-object host SMAI50001P
 network-object host SMAI50002P

object-group network INSIDE_SRV_DC-EXCHANGE_real1
 description Ensemble des serveurs requis pour le service OWA
 network-object LEGRECO 255.255.255.255
 network-object RENOIR 255.255.255.255
 network-object CLLEXC01 255.255.255.255
 network-object MONET 255.255.255.255
 network-object SMAI50001P 255.255.255.255
 network-object SMAI50002P 255.255.255.255

object-group network INSIDE_SRV_DC-EXCHANGE_real2
 description Ensemble des serveurs requis pour le service OWA
 network-object LEGRECO 255.255.255.255
 network-object RENOIR 255.255.255.255
 network-object CLLEXC01 255.255.255.255
 network-object MONET 255.255.255.255
 network-object SMAI50001P 255.255.255.255
 network-object SMAI50002P 255.255.255.255
 network-object SBQMAIL1 255.255.255.255
 network-object NTERSYS03 255.255.255.255
 network-object HLLEXC1 255.255.255.255
 network-object CLLEXC02 255.255.255.255
 network-object SCQEXC02 255.255.255.255
 network-object MTLEXC02 255.255.255.255
 network-object MTLEXC03 255.255.255.255
 network-object CHAEXC01 255.255.255.255
 network-object CHAEXCH02 255.255.255.255
 network-object SLVQ-MSX 255.255.255.255
 network-object SDOM50001P 255.255.255.255
 network-object SMAI50015P 255.255.255.255
 network-object SDOM50002P-LQ 255.255.255.255
 network-object SDOM50003P-LQ 255.255.255.255
 network-object SDOM50004P-500 255.255.255.255
 network-object SDOM50002P-500 255.255.255.255

access-list ACL_SCZ permit tcp object-group SCZ_SRV_OWA object-group INSIDE_SRV_DC-EXCHANGE object-group SERVICE_OWA
access-list ACL_SCZ permit udp object-group SCZ_SRV_OWA object-group INSIDE_SRV_DC-EXCHANGE object-group SERVICE_OWA

pdm group INSIDE_SRV_DC-EXCHANGE_real inside
pdm group INSIDE_SRV_DC-EXCHANGE_real1 inside
pdm group INSIDE_SRV_DC-EXCHANGE_real2 inside
pdm group INSIDE_SRV_DC-EXCHANGE sczA reference INSIDE_SRV_DC-EXCHANGE_real2

New Member

Re: PDM _real extension

This is a bug with PDM. It tends to create duplicate object groups.

New Member

Re: PDM _real extension

Interesting if it is a problem with PDM. It's a huge problem with VMS - it's always adding suffixes to object groups and access-lists.

Is this mentioned anywhere in PDM release notes, or perhaps a bug ID?
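Added example, not part of the thread and not Cisco tooling: a Python audit of a PIX config for the NAME_real / NAME_realN object groups discussed above, reporting how each copy differs from its base group and which commands still point at it. The sample config and its names are constructed, and treating the word after `reference` in a `pdm group` line as a pointer to that group is an assumption read off the posted config.

```python
import re
from collections import defaultdict
# Constructed sample in the style of the posted config (hypothetical names).
SAMPLE = """\
object-group network SRV_MAIL
 description mail servers
 network-object host MAIL1
 network-object host MAIL2
object-group network SRV_MAIL_real
 network-object MAIL1 255.255.255.255
object-group network SRV_MAIL_real2
 network-object MAIL1 255.255.255.255
 network-object MAIL2 255.255.255.255
access-list ACL_DMZ permit tcp object-group DMZ_OWA object-group SRV_MAIL eq 443
pdm group SRV_MAIL_real inside
pdm group SRV_MAIL dmz reference SRV_MAIL_real2
"""
SUFFIX = re.compile(r"^(?P<base>.+)_real\d*$")
HOST = "255.255.255.255"

def parse(config):
    """Return ({group: members}, {group: commands that point at it})."""
    groups, refs, cur = {}, defaultdict(set), None
    for tok in filter(None, (l.split() for l in config.splitlines())):
        if tok[:2] == ["object-group", "network"] and len(tok) > 2:
            cur = groups.setdefault(tok[2], set())  # member set of the open stanza
        elif tok[0] == "network-object" and cur is not None and len(tok) > 2:
            # "host X" and "X 255.255.255.255" name the same single host
            host, mask = (tok[2], HOST) if tok[1] == "host" else tok[1:3]
            cur.add(host if mask == HOST else f"{host}/{mask}")
        elif tok[0] != "description":
            cur = None  # any other command closes the stanza
            for kw, name in zip(tok, tok[1:]):
                if kw in ("object-group", "reference"):
                    refs[name].add(tok[0])
    return groups, refs

def audit(config):
    """Compare every NAME_real/NAME_realN group with NAME and list its users."""
    groups, refs = parse(config)
    report = {}
    for name in groups:
        m = SUFFIX.match(name)
        if m and m["base"] in groups:
            base = groups[m["base"]]
            report[name] = {"missing": sorted(base - groups[name]),
                            "extra": sorted(groups[name] - base),
                            "used_by": sorted(refs[name])}
    return report
```

An empty `used_by` marks a copy for review before any cleanup; it only means no `object-group` or `reference` keyword in the parsed text points at it.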
