Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Displaying the ports that are open on PIX506E

Posted on 2003-12-03
6
Medium Priority
?
355 Views
Last Modified: 2010-04-09
I am very new to the PIX and i was wondering if there is a way to display the ports that are open on my firewall through the PDM.  I can also use the CLI if that is easier.  Thanks.
0
Comment
Question by:sbock
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 24

Expert Comment

by:shivsa
ID: 9869022
write t command statement to list the configuration.
0
 

Author Comment

by:sbock
ID: 9869171
so when i do that, i get alot of fixup protocols that show up.  What does that mean?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 200 total points
ID: 9869510
fixup protocols are not "holes" or open ports. These commands look deeper into the packets for upper layer instructions that fit within the norm. They only work in conjunction with access-lists. Only an inbound access-list (or a conduit) can "open ports"
i'm assuming that you are using PIX 6.x with the PDM, and therefore are NOT using conduit commands. Is this correct?
With the PDM, File/"show current config in new window" is the same as a CLI "show config"
Just look at the access-list that is "applied" with the following command:
access-group <acl> in interface outside
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 

Author Comment

by:sbock
ID: 9869760
yea, i'm using 6.3(1) with PDM.  Here is my current config....

PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password H373hETCVaeLW7xk encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname FireWall
domain-name .net
clock timezone CST -6
clock summer-time CDT recurring
no fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside 63.239.xxx.xxx 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 0.0.0.0 255.255.255.0 outside
pdm location 192.168.0.100 255.255.255.255 inside
pdm location 192.168.0.1 255.255.255.255 inside
pdm location 192.168.0.122 255.255.255.255 inside
pdm logging notifications 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
route outside 0.0.0.0 0.0.0.0 63.239.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.0.1 255.255.255.255 inside
http 192.168.0.0 255.255.255.0 inside
http 192.168.0.100 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 192.168.0.1 c:/TFTP-Root
floodguard enable
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80


I'm assuming that i don't have any ports open right now because i don't have any access-lists.  And since i don't have any access-lists, the fixup ports are just there waiting to be used.  Am i correct?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9870219
Exactly. You have no open ports for un-invited traffic, the fixups don't necessarily just sit there, they are part of the Adaptive Security Algorithm to support the returns of outbound requests. For example, the fixup ftp is required because your outgoing ftp request is initiated on one port, and the data is sent on another port.
0
 

Author Comment

by:sbock
ID: 9870540
cool.  thanks for the help.
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question