Cisco Support Community
New Member

PIX Conversation logging versus Checkpoint

We are in the middle of comparing PIX (6.x) and Checkpoint for purchase. So far PIX is winning on speed and configurability, but losing on GUI and troubleshooting. I would like to fix that if I could be pointed to the right docs on troubleshooting in the PIX. The Checkpoint GUI lets me see a near real time log of accepts and more importantly rejects (with the rejected rule number) of conversations between internal and external hosts. Can the PIX provide a logging function similar to that? I was thinking along the lines of log facility to syslog and I could grep through the log for what I needed. Basically - source ip\port -> dest ip\port accept or reject. Any pointers would help me move the troubleshooting category over to the PIX side.

New Member

Re: PIX Conversation logging versus Checkpoint

Packet capture in PIX 6.2.

Also, do you log your pix on a syslog server?


New Member

Re: PIX Conversation logging versus Checkpoint

I do have a dedicated syslog server for use. The problem is I don't have a PIX yet - we are outgrowing our Nokia IP330/Checkpoint combo - we have to upgrade and now is the perfect time to look at the two products (Nokia IP650/Checkpoint and PIX 525), compare them and decide which one to go with - I like the PIX on paper but I need to prove why before management will buy off on the change. In troubleshooting on the Checkpoint box I can see packets being rejected and the port they are on to troubleshoot an application issue. If I log the PIX to syslog can I see accepts and rejects in the logs and what would they look like? The doc you listed mentions the ability to web publish a capture - any screenshots of what that would look like?

i.e.: Often an application programmer will tell me that he can't test the app he is working on through the firewall, they will not give any specifics, just that it doesn't work. I filter the log to watch for rejects only from the internal host, find the port it is rejecting on in the firewall log and open the port from that host to the external side. Would I have to create a generic "reject" capture rule on the PIX to see this - or can I see it in syslog entries?

Cisco Employee

Re: PIX Conversation logging versus Checkpoint

Here is how you set the pix for syslog: .

Here is an explanation of the syslogs:

Hope this answers your questions.
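
The "filter the syslog for rejects from one internal host" workflow asked about in this thread, as an added example that is not part of any post here or of Cisco's documentation. It assumes the PIX "Deny ... by access-group" message (ID 106023) layout; the sample lines, hostnames, addresses and ACL names are constructed, and the layout should be checked against the syslog message guide for the PIX version in use.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread). The layout follows the
# PIX "Deny ... by access-group" message, ID 106023; verify it against the
# message guide for the software version actually deployed.
SAMPLE_LOG = """\
Mar 01 10:15:02 pix525 %PIX-4-106023: Deny tcp src inside:10.1.1.25/3012 dst outside:192.0.2.40/8443 by access-group "acl_inside"
Mar 01 10:15:03 pix525 %PIX-6-302013: Built outbound TCP connection 4711 for outside:192.0.2.40/80 (192.0.2.40/80) to inside:10.1.1.25/3013 (198.51.100.7/1025)
Mar 01 10:15:05 pix525 %PIX-4-106023: Deny tcp src inside:10.1.1.25/3014 dst outside:192.0.2.40/8443 by access-group "acl_inside"
Mar 01 10:15:09 pix525 %PIX-4-106023: Deny udp src inside:10.1.1.77/1040 dst outside:192.0.2.53/5353 by access-group "acl_inside"
Mar 01 10:15:11 pix525 %PIX-4-106023: Deny icmp src outside:203.0.113.9 dst inside:10.1.1.25 (type 8, code 0) by access-group "acl_outside"
"""

# Ports are optional because ICMP denies carry a type/code instead of ports.
DENY_RE = re.compile(
    r'%PIX-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?'
    r'.*? by access-group "(?P<acl>[^"]+)"'
)

def parse_denies(text):
    """Yield one dict per deny line; all other messages are skipped."""
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            yield m.groupdict()

def denied_flows_from(text, host):
    """Count denied (proto, dst_ip, dst_port, acl) tuples originated by host."""
    counts = Counter()
    for d in parse_denies(text):
        if d["src_ip"] == host:
            counts[(d["proto"], d["dst_ip"], d["dst_port"], d["acl"])] += 1
    return counts

if __name__ == "__main__":
    # Summarise what the application host is being denied, most frequent first.
    flows = denied_flows_from(SAMPLE_LOG, "10.1.1.25")
    for (proto, ip, port, acl), n in flows.most_common():
        print(f"{n}x {proto} -> {ip}:{port or '-'} denied by {acl}")
```

The ACL name in each deny line is the closest syslog equivalent to the rejected rule number mentioned in the first post: it identifies the access list that dropped the packet, not the individual entry.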

