
The PIX supports several popular multimedia applications. Its application inspection function dynamically opens and closes UDP ports for secure multimedia connections.

Supported multimedia applications include the following:

Microsoft Netshow

Microsoft Netmeeting

Intel Internet Video Phone

VDOnet VDOLive

RealNetworks RealAudio and RealVideo

VocalTech

White Pine Meeting Point

White Pine CuSeeMe

Xing StreamWorks

VXtreme WebTheatre


Foundation Summary

Inbound traffic that initiates from the outside is denied by default on the PIX. Rules have to be put in place to permit traffic to initiate from the outside to servers and subnets behind the Cisco PIX Firewall. A rule is usually made up of a static (NAT) command and an access list. The static command identifies the subnet or host to which traffic from the outside is permitted to go, by mapping a global address on the outside interface to the real address on the inside. An access list is then configured to identify and permit the type of traffic allowed to the subnet or host identified by the static command, and an access-group command binds that access list inbound on the outside interface. The following is an example of a rule that permits HTTP traffic to be initiated from the outside to a web server at 10.1.2.39 on the inside interface of the PIX, reachable from the outside as 192.168.1.12:

static (inside,outside) 192.168.1.12 10.1.2.39 netmask 255.255.255.255

access-list 120 permit tcp any host 192.168.1.12 eq www

access-group 120 in interface outside
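The following is an added example, not code from this book or from Cisco, that evaluates the rule pattern above the way the PIX does: an inbound connection is dropped if no static translation exists for its destination, dropped if no access list is bound inbound on the arriving interface, and otherwise decided by the first matching access control entry, with an implicit deny at the end of the list. The rule set it reads is the page's three lines plus one assumed extra entry (a deny for https) that is not in the original, added only to show that entries are evaluated in order. Note that the access list on the outside interface matches the global address (192.168.1.12), as in the page's example, not the real inside address.

```python
"""Evaluator for the PIX 6.x inbound-rule pattern: static + access-list +
access-group.  Added illustration; not the book's or Cisco's code.  Only
the subset of the syntax used in the page's example is supported."""
import ipaddress
import re

# PIX port literals that may follow 'eq'; 'www' is the page's example.
PORT_NAMES = {"www": 80, "https": 443, "ftp": 21, "ssh": 22, "smtp": 25, "telnet": 23}

# Constructed rule set: the first three lines are the page's example; the
# 'deny ... eq https' entry is an assumed extra ACE to show ordering.
CONFIG = """
static (inside,outside) 192.168.1.12 10.1.2.39 netmask 255.255.255.255
access-list 120 permit tcp any host 192.168.1.12 eq www
access-list 120 deny tcp any host 192.168.1.12 eq https
access-group 120 in interface outside
"""

# static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$")
ACE_RE = re.compile(
    r"^access-list (\S+) (permit|deny) (\w+) (any|host \S+) (any|host \S+)(?: eq (\S+))?$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)$")


def parse_config(text):
    """Return (statics, acls, bindings) from the supported subset of PIX syntax."""
    statics, acls, bindings = [], {}, {}
    for line in text.strip().splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            real_if, mapped_if, mapped_ip, real_ip, mask = m.groups()
            statics.append((real_if, mapped_if, mapped_ip, real_ip, mask))
        elif m := ACE_RE.match(line):
            name, action, proto, src, dst, port = m.groups()
            port_num = None if port is None else PORT_NAMES.get(port) or int(port)
            acls.setdefault(name, []).append((action, proto, src, dst, port_num))
        elif m := GROUP_RE.match(line):
            name, iface = m.groups()
            bindings[iface] = name
        else:
            raise ValueError(f"unsupported line: {line!r}")
    return statics, acls, bindings


def translate(statics, iface, dst):
    """Map a destination seen on 'iface' (the mapped/global address) to the
    real inside address through the matching static, or None if none."""
    dst_addr = ipaddress.ip_address(dst)
    for real_if, mapped_if, mapped_ip, real_ip, mask in statics:
        if mapped_if != iface:
            continue
        mapped_net = ipaddress.ip_network(f"{mapped_ip}/{mask}", strict=False)
        if dst_addr in mapped_net:
            real_net = ipaddress.ip_network(f"{real_ip}/{mask}", strict=False)
            offset = int(dst_addr) - int(mapped_net.network_address)
            return str(real_net.network_address + offset)
    return None


def _addr_matches(spec, addr):
    return spec == "any" or spec == f"host {addr}"


def evaluate(config_text, iface, src, dst, proto, dport):
    """Return (verdict, real_destination, reason) for a connection arriving
    on 'iface' from 'src' to the global address 'dst'."""
    statics, acls, bindings = parse_config(config_text)
    # 1. No static for the destination: no translation slot, packet dropped.
    real_dst = translate(statics, iface, dst)
    if real_dst is None:
        return "deny", None, "no static translation for destination"
    # 2. No access list bound inbound on the interface: default deny.
    acl_name = bindings.get(iface)
    if acl_name is None:
        return "deny", real_dst, "no access-list bound inbound on interface"
    # 3. ACEs are checked in order; the first match decides.
    for n, (action, ace_proto, ace_src, ace_dst, ace_port) in enumerate(acls.get(acl_name, []), 1):
        if ace_proto not in ("ip", proto):
            continue
        if not (_addr_matches(ace_src, src) and _addr_matches(ace_dst, dst)):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action, real_dst, f"matched ACE {n} of access-list {acl_name}"
    # 4. Nothing matched: implicit deny at the end of every access list.
    return "deny", real_dst, f"implicit deny at end of access-list {acl_name}"


if __name__ == "__main__":
    for port in (80, 443, 22):
        print(port, evaluate(CONFIG, "outside", "203.0.113.7", "192.168.1.12", "tcp", port))
    print("no static:", evaluate(CONFIG, "outside", "203.0.113.7", "192.168.1.13", "tcp", 80))
```

Running it shows the three outcomes a practitioner should be able to predict from a rule set: port 80 is permitted and translated to 10.1.2.39, port 443 hits the explicit deny, port 22 falls through to the implicit deny, and a destination with no static (192.168.1.13) is dropped before the access list is even consulted.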

TurboACL is a feature introduced in Cisco PIX Firewall OS version 6.2 that improves the average search time for access control lists (ACLs) containing a large number of entries.

TurboACL is applied only to access lists with at least 19 access control entries (ACEs), up to a maximum of 16,000 ACEs.

The object grouping feature enables you to group objects such as hosts (servers and clients), services, and networks, and apply security policies and rules to the group. The four types of object groups are:

Network

Protocol

Service

icmp-type

The PIX supports several popular multimedia applications, such as RealPlayer and Microsoft NetMeeting. Its application inspection function dynamically opens and closes the UDP ports these connections need, rather than requiring those ports to be opened statically.

126 Chapter 7: Configuring Access

Q&A

The questions in this section do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answer. Hopefully, these questions will help limit the number of exam questions on which you narrow your choices to two options and then guess. Be sure to use the CD and take the simulated exams.

The answers to these questions can be found in Appendix A.

1 What is the maximum number of access list entries in one access list that TurboACL supports?

A 19

B 2000

C 16,000

D 10

2 What is the minimum number of access list entries needed in an access list for TurboACL to compile?

A 4

B 19

C 16,000

D No minimum is required

3 Which of the following is not one of the four object types available when you create an object group?

A Network

B Protocol

C Application

D Services

4 True or false: By default, traffic initiated from the outside (external to the PIX) is allowed in through the PIX.


5 What command lets you create a network object group?

A object-group network group-id

B enable object-group network group-id

C create network object-group

D network object-group enable

6 What command enables TurboACL globally on the PIX Firewall?

A turboacl global

B access-list compiled

C access-list turboacl

D You cannot enable TurboACL globally

7 What is the minimum memory requirement for TurboACL to work?

A 8 MB

B 100 Kb

C 2.1 MB

D 4 MB

This chapter covers the following exam topics for the Secure PIX Firewall Advanced Exam (CSPFA 9E0-111):

11. Syslog configuration

Chapter 8

Syslog

System logging, otherwise known as syslog, on the Cisco PIX Firewall makes it possible for you as an administrator to gather information about the PIX unit's traffic and performance. You can use syslog messages generated by the PIX to troubleshoot and analyze suspicious activity on the network.

This chapter describes how to configure syslog on the Cisco PIX Firewall and interpret the messages it generates.
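As an added example that is not part of this book or of Cisco's software, the following parses PIX syslog messages in their "%PIX-<severity>-<message ID>: <text>" form, applies a severity threshold the way "logging trap <level>" does (a level of warnings sends warnings plus everything more severe, i.e. severities 0 through 4), and summarises which outside sources are being denied. The sample lines are constructed for this example in that format; the message IDs and the "Mon DD YYYY HH:MM:SS: " prefix produced by "logging timestamp" are modeled on real PIX output but the lines themselves are invented.

```python
"""Parser and severity filter for PIX-format syslog messages.  Added
illustration; not the book's or Cisco's code.  Sample lines are constructed."""
import re
from collections import Counter

# Severity levels as named by 'logging trap <level>' (0 is most severe).
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Optional 'logging timestamp' prefix, then %PIX-<level>-<6-digit id>: <text>
MSG_RE = re.compile(
    r"^(?:(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): )?"
    r"%PIX-(?P<level>[0-7])-(?P<id>\d{6}): (?P<text>.*)$")
# Source/destination fields of the various 'Deny ...' message texts.
DENY_RE = re.compile(
    r"Deny .*?src (?P<src_if>\w+):(?P<src>[\d.]+)/\d+ dst (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+)")

# Constructed sample lines in PIX message format (not captured output).
SAMPLE_LINES = [
    "Jan 05 2004 10:15:01: %PIX-6-302013: Built inbound TCP connection 1422 for "
    "outside:203.0.113.7/40211 (203.0.113.7/40211) to inside:10.1.2.39/80 (192.168.1.12/80)",
    "Jan 05 2004 10:15:02: %PIX-4-106023: Deny tcp src outside:203.0.113.7/40212 "
    "dst inside:192.168.1.12/443 by access-group \"120\"",
    "Jan 05 2004 10:15:03: %PIX-4-106023: Deny tcp src outside:203.0.113.7/40213 "
    "dst inside:192.168.1.12/22 by access-group \"120\"",
    "Jan 05 2004 10:15:04: %PIX-3-106011: Deny inbound (No xlate) tcp src "
    "outside:198.51.100.9/5120 dst outside:192.168.1.13/80",
    "Jan 05 2004 10:15:05: %PIX-5-111008: User 'enable_15' executed the "
    "'logging trap warnings' command.",
    "%PIX-7-710005: TCP request discarded from 198.51.100.9/5121 to outside:192.168.1.1/23",
    "this line is not a PIX syslog message",
]


def parse_message(line):
    """Return {'timestamp', 'level', 'id', 'text'} or None if not PIX format."""
    m = MSG_RE.match(line)
    if not m:
        return None
    return {"timestamp": m.group("ts"), "level": int(m.group("level")),
            "id": m.group("id"), "text": m.group("text")}


def trap_filter(lines, level_name):
    """Emulate 'logging trap <level>': keep messages at that severity or
    more severe (numerically lower or equal), dropping non-PIX lines."""
    threshold = SEVERITY[level_name]
    return [msg for msg in map(parse_message, lines)
            if msg is not None and msg["level"] <= threshold]


def denied_sources(lines):
    """Count denied connections per source address across all Deny messages."""
    counts = Counter()
    for msg in map(parse_message, lines):
        if msg is None:
            continue
        d = DENY_RE.search(msg["text"])
        if d:
            counts[d.group("src")] += 1
    return counts


if __name__ == "__main__":
    for msg in trap_filter(SAMPLE_LINES, "warnings"):
        print(msg["level"], msg["id"], msg["text"][:60])
    print(denied_sources(SAMPLE_LINES).most_common())
```

With the threshold set to warnings, only the two access-group denies (severity 4) and the no-xlate deny (severity 3) survive; the connection-built (6), command-audit (5) and debug (7) messages are dropped, which is exactly why a trap level chosen for a quiet log can hide the activity you later want for an investigation.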

“Do I Know This Already?” Quiz

The purpose of this quiz is to help you determine your current understanding of the topics covered in this chapter. Write down your answers and compare them to the answers in Appendix A. If you have to look at any references to correctly answer the questions, it is a good idea to read the chapter. Device activity and performance logging are very important network functions that too often are given a lower priority by many network administrators.

This chapter helps you understand how syslog works on the Cisco PIX Firewall unit and how to configure it. The concepts in this chapter are the foundation of much of what you need to understand to pass the CSPFA Certification Exam. Unless you do exceptionally well on the “Do I Know This Already?” pretest and are 100% confident in your knowledge of this area, you should read through the entire chapter.

1 What port does syslogd listen on by default?

2 What is the total number of logging facilities available for syslog configuration?

3 True or false: If the PIX is set to Warning level, critical, alert, and emergency messages are sent in addition to warning messages.

4 What is the command for sending syslog messages to Telnet sessions?

5 What is the logging trap command used for?

6 What is the command used to enable logging on the failover PIX unit?

7 Why would you use the timestamp command parameter?

8 What is PFSS?


Foundation Topics
