I recently switched jobs and now need to clean up the PIX at the new job. Unfortunately, after 3 admins who only did enough to get it to work, it has quite a bit of cruft.
A. PDM shows a few null rules in the access list. Just delete them since they don't work anyway?
B. There is a permit rule permitting all IP traffic out of the DMZ. Isn't this redundant, since on most firewalls all traffic is allowed in and out of a DMZ by default? Is Cisco different?
C. There is also a rule permitting outbound traffic from the DMZ to the inside network. Now, assuming the rule in B is necessary, isn't this one redundant?
With the use of group objects, I am slowly but surely untangling the quagmire of access-list statements. I think I should get an honorary CCNA when I'm done.
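An added example, not from the original post, for the kind of redundancy asked about in C: a small Python check that flags an access-list entry fully covered by an earlier entry in the same access-list (same action means redundant; opposite action means shadowed, so it never matches). It assumes a simplified PIX ACE syntax (protocol plus source and destination as any, host A, or address and mask; ports and object-groups are not handled) and uses constructed sample lines.

```python
import ipaddress

# Constructed sample PIX access-list lines (not taken from any real config).
SAMPLE_ACL = """
access-list dmz_in permit ip any any
access-list dmz_in permit ip 192.168.2.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list dmz_in deny tcp host 192.168.2.10 10.0.0.0 255.0.0.0
access-list inside_out permit tcp 10.0.0.0 255.0.0.0 any
access-list inside_out permit ip 10.0.0.0 255.0.0.0 any
"""

def _parse_addr(tokens):
    """Consume one PIX address spec (any | host A | A MASK); return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST' into a dict; None if not an ACE."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        return None
    name, action, proto = tokens[1], tokens[2], tokens[3]
    src, rest = _parse_addr(tokens[4:])
    dst, _ = _parse_addr(rest)
    return {"acl": name, "action": action, "proto": proto,
            "src": src, "dst": dst, "text": line.strip()}

def covers(earlier, later):
    """True if every packet the later ACE could match is already matched by the earlier ACE."""
    proto_ok = earlier["proto"] == "ip" or earlier["proto"] == later["proto"]
    return (proto_ok and later["src"].subnet_of(earlier["src"])
            and later["dst"].subnet_of(earlier["dst"]))

def find_dead_aces(config_text):
    """Return (ace_text, reason, covering_ace_text) for each ACE that can never add a match.

    ACEs are evaluated first-match in order, so only earlier entries in the same
    access-list can cover a later one.
    """
    aces = [a for a in (parse_ace(l) for l in config_text.splitlines()) if a]
    findings = []
    for i, later in enumerate(aces):
        for earlier in aces[:i]:
            if earlier["acl"] == later["acl"] and covers(earlier, later):
                reason = "redundant" if earlier["action"] == later["action"] else "shadowed"
                findings.append((later["text"], reason, earlier["text"]))
                break
    return findings

if __name__ == "__main__":
    for ace, reason, by in find_dead_aces(SAMPLE_ACL):
        print(f"{reason}: {ace}\n    covered by: {by}")
```

In the sample, the DMZ-to-inside permit is reported as redundant against the earlier `permit ip any any`, while the `inside_out` entries are left alone because a tcp-only entry does not cover a later ip entry.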