PIX PDM

[CMASPE]

This is more of a statement than a question...I setup a little PIX 501 today and I HATE the web interface to configure the PIX. I ended up clearing the whole thing out and command lining the config.

 

[xlee]

I hate it too. I actually use the command line feature within PDM if I have to use it.

 

[jlavin]

PDM is a major security no no. I would reccomend not using it at all and even taking all of the pdm statements out of your config.

 

[berford]

Why do you hate PDM?

Why is PDM a security no-no?

Liberty for All,

Brian

 

[Iota]

PDM is okay, but if you're familiar with IOS, commandline is much easier.

I don't see how PDM is a security no-no considering it will only accept connections from a specificed host/subnet, it uses the same password as ena, and all the traffic is SSLd.

Telneting is more of a no-no than PDM.

 

[Guest_imported]

The main problem as I see it is that the current version is still rather green and doesn't support all of the Pix Features. It only creates access lists and if you enter a conduit command from the command line it tries to parse it as an access list statement with strange results.
It doesn't handle vpn stuff at all and if you enter vpn commands from the command line it can't parse them and comes up with a "cannot display page error".
Might get better with future versions