From: Untrust To: Untrust 0 From: Untrust To: Trust From: Trust To: Trust 1 1
BGP [tcp/179] Dans Cube 52 192.168.1.34 Matts Laptop [192.168.1.33] Any DNS DNS-udp-53 [udp/53] DNS-tcp-53 [tcp/53] FTP [tcp/21] Accept Log
Dans Cube 21 DanCubeCloned 192.168.1.34 Matts Laptop [192.168.1.33] FTP [tcp/21] Any SSH [tcp/22] Accept Log
24
41
75
dip-src-test2
77
dstNatTest
45
Test
Any
Any
Accept
Log
33 Disabled
Accept
None
GroupA GroupB mdean 192.168.19.0/255.255.255.0 49 Mark's Test Rule 192.168.20.30/24 [192.168.20.30 255.255.255.0] 192.168.20.104/255.255.255.255 192.168.20.11/255.255.255.255 192.168.20.13/32 ANY Accept Log
45 64
Test
Accept Accept
Log Log
45 75
Test dip-src-test2
Any Any
Any Any
Accept Accept
Log Log
Dans Cube 12 192.168.1.34 Matts Laptop [192.168.1.33] BGP [tcp/179] Any FTP [tcp/21] Accept Log
BGP [tcp/179] Dans Cube 52 192.168.1.34 Matts Laptop [192.168.1.33] Any DNS DNS-udp-53 [udp/53] DNS-tcp-53 [tcp/53] FTP [tcp/21] Accept Log
DNS Dans Cube 13 192.168.1.34 Matts Laptop [192.168.1.33] FTP [tcp/21] SSH [tcp/22] Any DNS-udp-53 [udp/53] DNS-tcp-53 [tcp/53] Accept Log
Dans Cube 21 DanCubeCloned 192.168.1.34 Matts Laptop [192.168.1.33] FTP [tcp/21] Any SSH [tcp/22] Accept Log
Rule 13 makes rule 52 redundant for Services DNS-udp-53, DNS, DNS-tcp-53, FTP
Rule Name Source Destination Service DNS Dans Cube 13 192.168.1.34 Matts Laptop [192.168.1.33] FTP [tcp/21] SSH [tcp/22] Any DNS-udp-53 [udp/53] DNS-tcp-53 [tcp/53] Accept Log Action Log Comments
BGP [tcp/179] Dans Cube 52 192.168.1.34 Matts Laptop [192.168.1.33] Any DNS DNS-udp-53 [udp/53] DNS-tcp-53 [tcp/53] FTP [tcp/21] Accept Log
Rule 14 makes rule 49 (Mark's Test Rule) redundant for Destinations 192.168.20.104/255.255.255.255
Rule Name 14 Source Any Destination 192.168.20.104/255.255.255.255 GroupA GroupB mdean 192.168.19.0/255.255.255.0 49 Mark's Test Rule 192.168.20.30/24 [192.168.20.30 255.255.255.0] 192.168.20.104/255.255.255.255 192.168.20.11/255.255.255.255 192.168.20.13/32 ANY Accept Log Service ANY Action Accept Log Log Comments
DNS Dans Cube 13 192.168.1.34 Matts Laptop [192.168.1.33] FTP [tcp/21] SSH [tcp/22] Any DNS-udp-53 [udp/53] DNS-tcp-53 [tcp/53] Accept Log
Rule 19 (traffic_test again) makes rule 21 (DanCubeCloned) redundant for Services SSH
Rule 19 Name traffic_test again Source Any Destination Any TELNET [tcp/23] Dans Cube 21 DanCubeCloned 192.168.1.34 Matts Laptop [192.168.1.33] FTP [tcp/21] Any SSH [tcp/22] Accept Log Service SSH [tcp/22] Accept Log Action Log Comments
Rule 19 (traffic_test again) makes rule 33 redundant for Services SSH, TELNET
Rule 19 Name traffic_test again Source Any Destination Any TELNET [tcp/23] SSH [tcp/22] SYSLOG 33 Disabled 10.1.1.1/255.255.255.255 192.168.20.60/255.255.255.255 SYSLOG-udp-514 [udp/514] TELNET [tcp/23] Accept None Service SSH [tcp/22] Accept Log Action Log Comments
BGP [tcp/179] Dans Cube 52 192.168.1.34 Matts Laptop [192.168.1.33] Any DNS DNS-udp-53 [udp/53] DNS-tcp-53 [tcp/53] FTP [tcp/21] Accept Log
AOL [tcp/5190 - 5194] 11 10.1.1.1/255.255.255.255 192.168.20.60/255.255.255.255 FTP [tcp/21] Accept Log
Rule 4 (Allow SMTP 3) makes rule 15 (test) redundant for Destinations SPPhones
Rule Name 4 Allow SMTP 3 Source Any Destination SPPhones [192.168.21.0 255.255.255.0] Service ANY HTTP [tcp/80] HTTPS [tcp/443] SP-Wireless [192.168.22.0 255.255.255.0] 15 test SPInternal [192.168.20.0 255.255.255.0] SPPhones [192.168.21.0 255.255.255.0] fm FireMon [tcp/3192] FireMon3193 [tcp/3193] Accept Log Action Accept Log Log Comments