We run Sidewinders here. They are definitely the best Layer 7 firewalls you can buy...if you want to spend $100,000. Checkpoint is a good Layer 4 firewall. You can also get a Cisco Pix 515 with IPsec for about $3000.
You can see how many current connections you have by doing a "sho conn count". You may want to try to up your number of allowed embryonic connections to a thousand.
nat (inside) 1 192.168.0.1 255.255.255.255 1000 1000
Question 1:
To allow ping, you need to add access list statements for echo replies. These statements will allow anyone from your inside interface to ping anything on the internet or in your DMZ.
access-list INSIDE permit icmp any any
access-list DMZ permit icmp any any echo-reply
access-list...