Solved

How do I monitor the activity on my PIX 501

Posted on 2006-04-19
Last Modified: 2013-11-16
Hello Experts,

I would like to know how to monitor what is being denied and allowed through my PIX 501 firewall.  I need to be more proactive about detecting network attacks and/or malicious activity hitting my network.

I have a PIX 501 firewall protecting a SBS 2003 server network.

I know enough about the PIX to get it configured and running with VPNs, basic access lists, and static statements, but that's about it.

Please help me understand how to monitor this device.  I would like a solution that is manageable as I cannot dedicate my efforts to 24/7 network monitoring.  I'm a one man shop.

Thanks in advance for your help!

Jamie177
0
Question by:jamie177
7 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 16488816
Configure logging on the PIX and get the Kiwi Syslog Monitor (free) from the net. Install Kiwi on a machine in your network and have the PIX forward all the logging to this server. Done.

logging on
logging host <hostipwherekiwiisinstalled>

Once you play around with this, you can make it more appropriate based on the data you get.

Cheers,
Rajesh
0
 

Author Comment

by:jamie177
ID: 16489815
Thanks Rajesh!

I'll get this going and report back how it goes.

Regards,

Jamie177
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16489924
Sure. If you are also interested in seeing traffic patterns, you can use MRTG or PRTG and it works well (MRTG is free).

Cheers,
Rajesh
0

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16492266
Just as an aside, bear in mind that the logging will have an impact (potentially) on performance so don't forget to switch it off in due course.
0
 

Author Comment

by:jamie177
ID: 16492517
Thanks for the input Keith.

Is there a way to monitor the system without impacting the performance?  We are a pretty low throughput shop, so I don't see that it will be an impact by leaving it on.

The point of monitoring would be to be proactive about network attacks and traffic patterns.  Keith you make it sound like logging is for troubleshooting issues, then you turn it off.

I'm a newbie at this stuff so by all means please educate me.

Thanks,

Jamie177
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16492717
Don't count this towards your answer as Rajesh has already given you that. This is simply as you have asked.

Yes, that is the predominant reason for logging: troubleshooting. Devices such as PIX are designed to spend all of their resources such as memory, CPU etc. on routing traffic through the correct interfaces subject to the meeting of the criteria set within the ACLs they are configured with. By switching on logging, that memory now has to process every packet that enters and leaves, store it (for the statistics), decide if it needs to keep it or do something with it etc. Logging can be set at differing levels from just critical conditions right the way through informational. The higher, more detailed the level, the greater the overhead to the PIX. A PIX 501, whilst a brilliant little unit, does not have a great deal of memory to start with.... That said, if you have a very low usage requirement, you will likely be fine.

Conversely, products such as PRTG/MRTG and the like are running on separate boxes with their own CPU/memory so they carry the processing overhead. All the PIX has to do is to respond to the SNMP requests. This is still an overhead to the PIX but far less than logging does.

I'm sure Rajesh will back me up on this, he is the Cisco man; I'm ISA Server man ... lol

Regards
Keith
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16494004
Lol :-) I sure agree Keith. It really depends on whether your PIX can take it or not. Keith's point was rather like if you are gonna use it continuously then make sure your PIX is not 'sad' about it.

Cheers,
Rajesh
0
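For a one-person shop, the syslog file collected from the PIX (accepted answer) can be reduced to a short digest instead of being watched live; the script below is an added example, not code from any post in this thread. It counts messages per severity level (the levels Keith describes) and denied packets per source address. The sample lines are constructed, and the timestamp/host prefix and the `threshold` parameter are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in PIX syslog format: %PIX-<severity>-<message id>: text
SAMPLE_LOG = """\
Apr 19 2006 10:01:02 192.0.2.1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4431 dst inside:192.0.2.10/3389 by access-group "outside_in"
Apr 19 2006 10:01:03 192.0.2.1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4432 dst inside:192.0.2.10/445 by access-group "outside_in"
Apr 19 2006 10:01:05 192.0.2.1 %PIX-2-106001: Inbound TCP connection denied from 198.51.100.23/2211 to 192.0.2.10/23 flags SYN on interface outside
Apr 19 2006 10:01:09 192.0.2.1 %PIX-6-302013: Built inbound TCP connection 1041 for outside:198.51.100.80/5120 (198.51.100.80/5120) to inside:192.0.2.10/25 (192.0.2.10/25)
Apr 19 2006 10:02:00 192.0.2.1 %PIX-4-106023: Deny udp src outside:203.0.113.7/53 dst inside:192.0.2.10/1434 by access-group "outside_in"
this line is not a PIX message and is skipped
"""

HEADER = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")
DENY_PATTERNS = {
    # 106023: packet denied by an access list
    "106023": re.compile(
        r"Deny \S+ src [^:\s]+:(?P<src>[\d.]+)/\d+ dst [^:\s]+:[\d.]+/(?P<dport>\d+)"),
    # 106001: inbound TCP connection denied
    "106001": re.compile(
        r"Inbound TCP connection denied from (?P<src>[\d.]+)/\d+ to [\d.]+/(?P<dport>\d+)"),
}

def summarize(log_text, threshold=3):
    """Count messages per severity and denied packets per source address."""
    by_severity, denies, ports = Counter(), Counter(), defaultdict(set)
    for line in log_text.splitlines():
        head = HEADER.search(line)
        if not head:
            continue  # not a PIX message
        by_severity[int(head["sev"])] += 1
        pattern = DENY_PATTERNS.get(head["msgid"])
        hit = pattern.match(head["text"]) if pattern else None
        if hit:  # denies without ports (e.g. ICMP) are counted by severity only
            denies[hit["src"]] += 1
            ports[hit["src"]].add(int(hit["dport"]))
    # Sources at or above the threshold are the ones worth a closer look.
    noisy = sorted(ip for ip, n in denies.items() if n >= threshold)
    return {"by_severity": dict(by_severity), "denies": dict(denies),
            "ports": dict(ports), "noisy": noisy}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("messages per severity:", report["by_severity"])
    for ip in report["noisy"]:
        print(ip, "denied", report["denies"][ip], "times, ports", sorted(report["ports"][ip]))
```

The per-severity counts also show how much volume each logging level contributes, which helps when choosing a level the PIX 501 can sustain.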
