We have a DMZ. We have our secure network as well. We have an SNMP server on the secure side. It can monitor devices on the DMZ that it needs, the PIX firewall itself, and even the routers that sit on the outside.
Some traffic to the outside and from the outside coming in is controlled by our Raptor software firewall. Other traffic is controlled by our Cisco PIX firewall. The DMZ switch traffic is pretty much controlled by the PIX. So when a computer on the internet needs to see a website on our server, it comes in through the routers, goes to the PIX, the PIX then NATs the outside address of the server to its DMZ address, and voila.
Anyways, since we don't allow anything to ping any interface on the DMZ switch, it's kinda tough for the SNMP server to monitor the switch. The PIX is allowed to ping whatever it wants (duh). I can ping anything on the subnet that is on the DMZ switch, but cannot figure out how to be able to ping the DMZ switch's interface. I created an interface so the SNMP can monitor the DMZ switch. The PIX can ping it fine, but the SNMP box cannot.
What do I need to do on the PIX switch to let the SNMP box which is on our private (secure) network ping the DMZ switch interface? Is it an access-list command?