We are in the middle of comparing PIX (6.x) and Checkpoint for purchase. So far PIX is winning on speed and configurability, but losing on GUI and troubleshooting. I would like to fix that if I could be pointed to the right docs on troubleshooting in the PIX. The Checkpoint GUI lets me see a near real time log of accepts and, more importantly, rejects (with the rejected rule number) of conversations between internal and external hosts. Can the PIX provide a logging function similar to that? I was thinking along the lines of log facility to syslog and I could grep through the log for what I needed. Basically - source ip\port -> dest ip\port accept or reject. Any pointers would help me move the troubleshooting category over to the PIX side.
I do have a dedicated syslog server for use. The problem is I don't have a PIX yet - we are outgrowing our Nokia IP330/Checkpoint combo - we have to upgrade and now is the perfect time to look at the two products (Nokia IP650/Checkpoint and PIX 525), compare them and decide which one to go with - I like the PIX on paper but I need to prove why before management will buy off on the change. In troubleshooting on the Checkpoint box I can see packets being rejected and the port they are on to troubleshoot an application issue. If I log the PIX to syslog can I see accepts and rejects in the logs and what would they look like? The doc you listed mentions the ability to web publish a capture - any screenshots of what that would look like?
i.e.: Often an application programmer will tell me that he can't test the app he is working on through the firewall; they will not give any specifics, just that it doesn't work. I filter the log to watch for rejects only from the internal host, find the port it is rejecting on in the firewall log and open the port from that host to the external side. Would I have to create a generic "reject" capture rule on the PIX to see this - or can I see it in syslog entries?
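The reject-filtering workflow described in the posts above, sketched against a syslog file; this is an added example, not part of the original thread and not Cisco's code. It assumes the PIX logs ACL drops as message 106023 in the layout shown in the regex (check the syslog message reference for the PIX OS release in use), and the sample lines, addresses and ACL name are constructed.

```python
import re
from collections import Counter

# Assumed layout of the PIX "Deny ... by access-group" message (ID 106023).
DENY_RE = re.compile(
    r'%PIX-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)'
    r'.* by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample lines standing in for the syslog server's PIX log file.
SAMPLE_LOG = """\
Mar 03 10:15:01 192.168.1.1 %PIX-4-106023: Deny tcp src inside:10.1.1.50/3312 dst outside:198.51.100.20/8443 by access-group "acl_inside"
Mar 03 10:15:04 192.168.1.1 %PIX-4-106023: Deny tcp src inside:10.1.1.50/3313 dst outside:198.51.100.20/8443 by access-group "acl_inside"
Mar 03 10:15:12 192.168.1.1 %PIX-4-106023: Deny udp src inside:10.1.1.50/1045 dst outside:198.51.100.21/5060 by access-group "acl_inside"
Mar 03 10:15:20 192.168.1.1 %PIX-4-106023: Deny tcp src inside:10.1.1.99/4000 dst outside:198.51.100.20/25 by access-group "acl_inside"
Mar 03 10:15:31 192.168.1.1 %PIX-4-106023: Deny icmp src inside:10.1.1.50 dst outside:198.51.100.20 (type 8, code 0) by access-group "acl_inside"
"""

def denied_flows(log_text, src_ip):
    """Yield (proto, dst_ip, dst_port, acl) for each TCP/UDP deny from src_ip.

    Lines without ports (for example ICMP) do not match DENY_RE and are skipped.
    """
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m and m.group("src_ip") == src_ip:
            yield (m.group("proto"), m.group("dst_ip"),
                   int(m.group("dst_port")), m.group("acl"))

def summarize(log_text, src_ip):
    """Count denies per (proto, dst_ip, dst_port, acl), most frequent first."""
    return Counter(denied_flows(log_text, src_ip)).most_common()

if __name__ == "__main__":
    # Which destination ports is the developer's host being blocked on?
    for (proto, dst, port, acl), hits in summarize(SAMPLE_LOG, "10.1.1.50"):
        print(f"{hits:3d}  {proto:4s} -> {dst}:{port}  (denied by {acl})")
```

The ACL name in each result plays the role of the rejected rule reference, so the output points at both the port to open and the access list that needs the new entry.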