Re: Pix 515 - Translation Exemption Rules to DMZ

whiteford · ‎03-13-2006

I have a webserver on our DMZ and created a translation exemption rule from my PC (inside) to this DMZ server. I have done nothing else and I can use a web browser to get to it. I have created no rules for http or anything - should this happen??

pkhatri · ‎03-13-2006

That is fine - you are going from a trusted interface (inside) to a less trusted interface (dmz) so that is okay. The PIX imposes stricter controls on packets from less trusted interfaces to more trusted interfaces.

So what you are seeing is as per design.

Hope that helps - pls rate the post if it does.

Paresh

whiteford · ‎03-13-2006

Thanks, what I don't understand is that I can get onto the Http website but not the Shares or anything else. It's actually only the web site I need, but may need the shares too later.

pkhatri · ‎03-13-2006

If you can't get into the shares, I suspect that it's not the firewall that is the problem. If you have not configured any form of access control, then you should be able to access everything through the PIX.

Paresh

whiteford · ‎03-13-2006

so as long as i have the Translation exempt rule in from my PC to the DMZ webserve then everything should be acceccible? no extra rules are needed?

pkhatri · ‎03-13-2006

That is correct.

Pls remember to rate posts that help.

Paresh