In Version 6.2 the PIX allows you to use object grouping. Earlier versions do not have any similar feature. > -----Original Message----- > From: Mark McCreary [mailto:MMcCrearyat_private] > Sent: Friday, October 18, 2002 3:41 AM > To: firewall-wizardsat_private > Subject: [fw-wiz] PIX Firewall IP Addresses > > > We are using a CISCO PIX firewall version 5.2(5), with both > NAT and PAT > enabled. My task is to clean-up/reduce the number of conduit > rules. I am > new at this. > > While reviewing the rules in place, I noticed many cases > where individual > rules are written for consecutive IP addresses. My question > is whether > the syntax allows for a "range" of addresses to be used in > one rule. For > example, > > Rules written to allow access from source addresses - 172.165.50.200, > 172.165.50.201, 172.165.50.202 > > Can a source address on one rule replace the 3 rules above, such as > 172.165.50.200-202 > > Thank you for any assistance. > > Regards, > > Mark McCreary > _______________________________________________ > firewall-wizards mailing list firewall-wizardsat_private > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards > _______________________________________________ firewall-wizards mailing list firewall-wizardsat_private http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 14:30:18 PDT