Firewall Wizards mailing list archives

PIX assessment


From: vulnerable <vulnerable () gmail com>
Date: Mon, 26 Sep 2005 06:43:56 -0700

Hello all.

I'm doing an assessment on the config of a PIX running 6.3.  Not
being much of a PIX expert, I have a few questions.

From reading documentation it is my understanding that if you have
traffic flowing from inside (higher security level) to dmz (lower
security level) interface then you will not require either an ACL or a
static statement permitting this.  However, this particular config is
declaring transparent statics that the documentation I've read says
are unnecessary.  Any reasons why they may be doing this?  I'm going
through a rather long config (3000+ lines), and running some Perl mojo
I find that there are over 300 statics defined for addresses behind
the inside interface.  Useless?  Something that perhaps the PDM does?

Oh, I've also been trying to track down the latest rev of pixOS 6.3.
Can't find it anywhere on Cisco's public site.

Also, I've been using the enterastream documentation (1) as a
reference; is there anything else out there that is worth looking at?

1) http://www.enterastream.com/whitepapers/cisco/pix/pix-practical-guide.html
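
Added example, not part of the original post and not Cisco tooling: a Python script for the kind of count described above. It lists the `static` entries in a PIX 6.3 config whose mapped and real addresses are equal (the "transparent" statics) and groups them by interface pair. The sample config and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in PIX 6.3 syntax (not taken from the config in the post).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
static (inside,dmz) 10.1.1.10 10.1.1.10 netmask 255.255.255.255 0 0
static (inside,dmz) 10.1.2.0 10.1.2.0 netmask 255.255.255.0 0 0
static (inside,outside) 192.0.2.25 10.1.1.25 netmask 255.255.255.255 0 0
static (dmz,outside) 192.0.2.80 172.16.1.80 netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.0.2.26 smtp 10.1.1.26 smtp netmask 255.255.255.255 0 0
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)")
STATIC = re.compile(r"^static\s+\((\S+?),(\S+?)\)\s+(.*)$")

def parse_static(line):
    """Return (real_if, mapped_if, mapped_addr, real_addr), or None if not a static."""
    m = STATIC.match(line.strip())
    if not m:
        return None
    args = m.group(3).split()
    # Port-redirect form: tcp|udp mapped_addr port real_addr port ...
    if args and args[0] in ("tcp", "udp"):
        args = args[1:4:2]          # keep mapped_addr and real_addr only
    if len(args) < 2:
        return None
    return m.group(1), m.group(2), args[0], args[1]

def audit(config):
    """Classify every static; nameif lines precede statics in a PIX config."""
    levels, rows = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = NAMEIF.match(line)
        if m:
            levels[m.group(1)] = int(m.group(2))
        parsed = parse_static(line)
        if parsed:
            real_if, mapped_if, mapped, real = parsed
            rows.append({"pair": (real_if, mapped_if), "real": real,
                         "identity": mapped == real, "line": line,
                         "high_to_low": levels.get(real_if, 0) > levels.get(mapped_if, 0)})
    return rows

def identity_by_pair(rows):
    """Count identity (mapped == real) statics per (real_if, mapped_if) pair."""
    return Counter(r["pair"] for r in rows if r["identity"])

if __name__ == "__main__":
    for pair, n in identity_by_pair(audit(SAMPLE_CONFIG)).items():
        print(f"{pair[0]} -> {pair[1]}: {n} identity static(s)")
```
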