[unisog] Is anyone using the Cisco FWSM

Allen Rueter allen at cts.wustl.edu
Fri Jul 1 19:48:31 GMT 2005


The fwsm I inherited, host names defined which is nice in once, annoying
in an other.

For example, here's an entry
Jul  1 05:14:04 fwsmseas.cec.wustl.edu Jul 01 2005 05:14:04: %FWSM-4-106023: Deny tcp src outside:128.252.21.16/34015 dst inside:postal/113 by access-group "outside_access_in"

If I want to tally a list of hits on other machines on postal's subnet,
I have to know the names of all the machines since it doesn't give it's
IP address, or I have to delete all the alphabetic names defined in
the fwsm so that it gives me an IP address.

Allen  

On Fri, Jul 01, 2005 at 10:57:28AM -0700, Huba Leidenfrost wrote:
> I don't understand what your sentence "Cisco fwsm needs a switch for force
> on ip addresses instead of names so you can study ip ranges." means.  Would
> you please explain what you mean?
> 
> Thanks,
> Huba Leidenfrost
> huba at uidaho.edu
> ITS Security Analyst
> University of Idaho
> 208.885.2126/7539(fax)
> 
> -----Original Message-----
> From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
> On Behalf Of Allen Rueter
> Sent: Friday, June 24, 2005 6:59 AM
> To: UNIversity Security Operations Group
> Subject: Re: [unisog] Is anyone using the Cisco FWSM
> 
> 
> Lucent Brick is better too.
> 
> Cisco fwsm needs a switch for force on ip addresses instead of names so you
> can study ip ranges.
> 
> Allen Rueter
> 
> On Thu, Jun 23, 2005 at 07:54:10PM -0500, Velasquez Venegas Jaime Omar
> wrote:
> > Hello.
> > 
> > I am running a Cisco FWSM blade over here.I've been testing "Cisco VMS 
> > 2.3/Monitoring Center for Security 2.0" in order to analyze logs from 
> > FWSM.
> > Altough I'm not done with my testings yet,my impression is that its 
> > logging details are not as informative as a Checkpoint Firewall-1 
> > Management Center which I used to run.
> > Is anybody here who runs Cisco FWSM and share his/her experiences on 
> > logging tools?
> > 
> > Thanks
> > 
> > JaimeO
> > 
> 
> 
> -- 
> 
> Allen P. Rueter              314/935-6429 Fx:314/935-7302
> Director of CTS              allen at cts.wustl.edu
> Camp Box 1045 Bryan Rm 509     ___ ___ ___
> Washington University         / __|_ _/ __|
> One Brookings Dr.            | (__ | |\__ \
> St. Louis MO  63130           \____|_|____/
> Office: 406B Lopata
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

-- 

Allen P. Rueter              314/935-6429 Fx:314/935-7302
Director of CTS              allen at cts.wustl.edu
Camp Box 1045 Bryan Rm 509     ___ ___ ___
Washington University         / __|_ _/ __|
One Brookings Dr.            | (__ | |\__ \
St. Louis MO  63130           \____|_|____/
Office: 406B Lopata


More information about the unisog mailing list