© 2000, Cisco Systems, Inc. CSPFF Chapter 9 Configure Syslog and Perform General Maintenance Tasks

© 2000, Cisco Systems, Inc. CSPFF Objectives Upon completion of this chapter, you will be able to perform the following tasks: Configure the PIX Firewall to forward syslog messages. Recover PIX Firewall passwords using general password recovery procedures. Perform general maintenance on the PIX Firewall appliance.

© 2000, Cisco Systems, Inc. CSPFF Syslog Messages

© 2000, Cisco Systems, Inc. CSPFF Configure Syslog Output to a Syslog Server Inside host Syslog server Pod Perimeter Router PIX Firewall P.0/24.1 e1 inside P.0 /24 e0 outside.2 e2 dmz.1 Bastion host Web and ftp server P.0/24

© 2000, Cisco Systems, Inc. CSPFF Syslog Messages The PIX Firewall sends syslog messages to document the following events: Security Resources System Accounting

© 2000, Cisco Systems, Inc. CSPFF show logging Configure Message Output to the PIX Firewall Buffer Step 1: Send syslog messages to an internal buffer. Step 2: View messages in the internal buffer. pixfirewall(config)# logging buffered level Step 3: Clear the internal buffer. clear logging pixfirewall(config)# Enable or disable specific syslog message type logging. [no] logging message syslog_id pixfirewall(config)#

© 2000, Cisco Systems, Inc. CSPFF logging trap level Configure Message Output to a Syslog Server Step 1: Designate the syslog host server. Step 2: Set the logging level. pixfirewall(config)# logging host [in_if_name] ip_address [protocol/port]

© 2000, Cisco Systems, Inc. CSPFF [no] logging on Configure Message Output to a Syslog Server (cont.) Step 5: Start or stop sending messages to the syslog server. pixfirewall(config)# Step 3: Set the facility marked on all messages. logging facility facility pixfirewall(config)# Step 4: Start and stop sending timestamp messages. [no] logging timestamp pixfirewall(config)#

© 2000, Cisco Systems, Inc. CSPFF PIX Firewall General Maintenance

© 2000, Cisco Systems, Inc. CSPFF General Maintenance The Cisco Secure PIX Firewall has four important areas of maintenance to consider: Password recovery Install memory Install a circuit board

© 2000, Cisco Systems, Inc. CSPFF PIX Firewall 520 Password Recovery Download the following files from Cisco Connection Online: –npXXX.bin, where xxx is the PIX Firewall image version number –rawrite.exe Use rawrite to copy npXXX.bin to a floppy diskette. Boot the PIX Firewall from the floppy diskette. Follow the directions displayed.

© 2000, Cisco Systems, Inc. CSPFF PIX Firewall 515 Password Recovery Download the following file from Cisco Connection Online: npXXX.bin, where xxx is the PIX Firewall image version number. Reboot the system and break the boot process when prompted to go into monitor mode. Set the interface, IP address, gateway, server, and file to tftp the previously downloaded image. Follow the directions displayed.

© 2000, Cisco Systems, Inc. CSPFF Install Memory Upgrade The PIX Firewall 515 comes with either 32MB or 64MB of DIMM memory chips. Most earlier PIX Firewall models come with SIMM memory chips. Inserting a DIMM Inserting a SIMM

© 2000, Cisco Systems, Inc. CSPFF Install a Circuit Board Installing a circuit board in a PIX Firewall 515 also requires the use of the PIX Firewall 515-UR unrestricted feature license.

© 2000, Cisco Systems, Inc. CSPFF Lab Exercise

© 2000, Cisco Systems, Inc. CSPFF Lab Visual Objective Inside host Syslog server Backbone server Web, FTP, and TFTP server Pod Perimeter Router PIX Firewall P.0/24.1 e1 inside P.0 /24 e0 outside.2 e2 dmz.1 Bastion host Web and ftp server P.0/24 Internet

© 2000, Cisco Systems, Inc. CSPFF Summary

© 2000, Cisco Systems, Inc. CSPFF Summary The PIX Firewall can generate syslog message for system events. Password recovery for the PIX Firewall requires the use of a diskette on the 520 and TFTP on the 515. Recovery files are located on Cisco Connection Online at General maintenance and upgrading of the PIX Firewall includes: upgrading memory and installing additional interfaces.

© 2000, Cisco Systems, Inc. CSPFF Summary (cont.) If and when you are upgrading system memory, beware of ESD. A wrist-grounding strap will be included with your PIX firewall at time of purchase. When installing circuit boards, the maximum interfaces allowed on the PIX Firewall is six. When installing an additional circuit board on the PIX Firewall 515, you must have the PIX Firewall 515-UR unrestricted feature license to access the interface and establish connectivity. Without this feature license, any board you install in the PIX Firewall 515 is ignored.

© 2000, Cisco Systems, Inc. CSPFF Review Questions

© 2000, Cisco Systems, Inc. CSPFF Review Questions Q1) What kind of system events does the PIX Firewall syslog generate messages for? Q2) What protocol does the syslog use to send these messages? Q3) What command is used to start generating syslog messages? Q4) How many different levels of syslog messages are there? Name three.

© 2000, Cisco Systems, Inc. CSPFF Review Questions (cont.) Q5) What command is used to view logging messages on the terminal screen? Q6) Which file is necessary to perform a password recovery? Q7) What is the estimated life expectancy of the lithium battery in the PIX Firewall? Q8) When replacing a circuit board or system memory (RAM), what is the most important precaution you must take to ensure that your new product is not damaged during the installation?