Config tool for Pix

[Guest]

Archived from groups: comp.security.firewalls (More info?)

I am looking for a config tool for my Pix firewall that will keep
track of configuration changes to make it easier to roll back, or if
it crashes, etc. - make it easy to know what has changed on it
recently to pinpoint problems. Does anyone have any suggestions?

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Krisa wrote:

> I am looking for a config tool for my Pix firewall that will keep
> track of configuration changes to make it easier to roll back, or if
> it crashes, etc. - make it easy to know what has changed on it
> recently to pinpoint problems. Does anyone have any suggestions?

Krisa,

The way I do this is to backup the PIX config to a TFTP server before
implementing any changes to the PIX.

Then if any problems occur after the changes, you can reload the "good"
config back from the TFTP servers. Much documentation is on google.


Chad

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

krisa.w.rowland@erdc.usace.army.mil (Krisa) wrote in
news:78f276ba.0404151130.117b9295@posting.google.com:

> I am looking for a config tool for my Pix firewall that will keep
> track of configuration changes to make it easier to roll back, or if
> it crashes, etc. - make it easy to know what has changed on it
> recently to pinpoint problems. Does anyone have any suggestions?

One option that I do is save the config as firewall.20040419.cfg for
today's changes and tftp them to a server. Then when you are finished you
can use either windiff or diff (depending on your preference) to compare
it to the previous day's changes and see only the lines that have changed
to validate that you typed everything correctly.