- A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: Permit Ping access thru PIX FW [7:47193] posted 06/23/2002
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Hi Sarkis

The short answer is - no.
The conduit command in this case is just allowing the reply to come back in.
The outgoing ping will be allowed out by default.
Unlike access lists the conduit does not specify which interface the 'rule'
is to be applied to, so, with the conduit command you will be letting
replies in from outside and from the DMZ.

An access list doing the same thing would need to be applied to both the DMZ
and the outside interface. For this reason, the conduit is nice for testing,
because it's one command instead of 3 minimum.


""Karagozian Sarkis""  wrote in message
> HI all
> BCMS book says: permit ping access thru the PIX Firewall with the
> conduit permit icmp any any command, letting hosts on the inside ping
> outside hosts.
> Does this mean I can't ping the dmz interface?? and it only allows pings
> from inside Interface to the Outiside global hosts ??
> for example: ping outside 4.22.122.xx  (able to ping)
> But, ping dmz (Not able to ping)
> Thanks
> Sarkis

Message Posted at:
FAQ, list archives, and subscription info:
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx