
Thread: Cisco Pix 515 Help.

  1. #1
    Senior Member
    Join Date
    Aug 2003
    Posts
    224

    Cisco Pix 515 Help.

    I have an application called ZipForm that needs to communicate outside of your firewall to a 3rd party website to retrieve registration information and updates.
    The application launches a file called registration.exe that communicates via the web with an ASP page to download the info. It will not allow communication and the error message states that it could not connect to the internet. The Windows firewall is off, and I have called their tech support people and they told me that I need to configure my Cisco firewall but they could not give me any information on how to configure it. Do I need to run a command on the firewall to allow registration.exe to communicate outside the LAN?
    Any help is greatly appreciated. Thanks.
    There are many rewarding opportunities awaiting composure from like minds and great ideas. It is my objective to interconnect great things.

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Unfortunately since you haven't provided the slightest amount of useful information it makes it darn near impossible to answer your question.

    Yes, the tech support people were right, but I'll add something to their instructions.

    First, RTFM, read the manuals that came with the thing, they were written and printed for a very good reason.

    Second, after you've read the instruction, then you'll need to configure your firewall.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206
    Find out on which port your application talks to the remote server and then just open
    that port on your PIX firewall.
    ----------------------------------------------------------------------------------------------------------
    "If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    You can also 'sniff' on the firewall using 'debug packet'. Just type it after you are in with enable, it'll give you the options...

    BE WARNED: Make your filter specific. If you dump all traffic (rather than writing a specific filter, like: 'tcp and port 80 and dst <hostwithexefile>') and that firewall serves a lot of customers, you can crash the PIX... There is another way to sniff traffic on the PIX but I can't remember the command off the top of my head (it is a better one since you don't run the risk of crashing it, at least not as much risk). To turn it off, just type the same command with 'no' in front of it...

    In general, PIX with the fixup doesn't filter on HTTP content (unless handed off to a third party vendor like websense, in which case it could...) You definitely need to supply more information for a better answer...
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    224
    Guys, sorry for the lack of info on my original post. I pretty much checked everything that needed to be looked at. It's just that this program was obviously designed from someone that uses dial up or broadband. It appears that the program transmits data from the IP and port on the local machine 192.168.5.211:2411 to 64.59.82.37:80 Syn_sent. The port is open on the firewall. I'm not sure, but to me it seems like having an ISA server and a PIX firewall between clients and the internet, totally fubars the registration process via the web. Their tech support just wants you to allow the executable in the Windows firewall, but I don't have the Windows firewalls on my clients turned on.
    There are many rewarding opportunities awaiting composure from like minds and great ideas. It is my objective to interconnect great things.
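
Added example, not part of any post in this thread: a client socket in SYN_SENT has sent its SYN and received no SYN-ACK, so the script below parses `netstat -an` output and lists the destinations where every attempt is stuck in that state. The sample output is constructed; only the SYN_SENT endpoints are taken from post #5, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -an` output. Only the rows for
# 64.59.82.37:80 use endpoints quoted in post #5; the other rows are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.5.211:2398     192.0.2.10:443         ESTABLISHED
  TCP    192.168.5.211:2405     192.0.2.10:443         TIME_WAIT
  TCP    192.168.5.211:2411     64.59.82.37:80         SYN_SENT
  TCP    192.168.5.211:2412     64.59.82.37:80         SYN_SENT
  UDP    0.0.0.0:500            *:*
"""

# One TCP row: local addr:port, foreign addr:port, state. UDP rows have no
# state column and are skipped, as is the header line.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s*$")


def parse_netstat(text):
    """Return a list of (local, remote, state) tuples, one per TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, rport, state = m.groups()
            rows.append((f"{lip}:{lport}", f"{rip}:{rport}", state))
    return rows


def blocked_destinations(rows):
    """Map remote endpoint -> attempt count where *every* connection to it
    is in SYN_SENT, i.e. no handshake to that endpoint has completed."""
    states = defaultdict(list)
    for _local, remote, state in rows:
        if state != "LISTENING":
            states[remote].append(state)
    return {r: len(s) for r, s in states.items() if set(s) == {"SYN_SENT"}}


if __name__ == "__main__":
    for remote, n in blocked_destinations(parse_netstat(SAMPLE)).items():
        print(f"{remote}: {n} attempt(s) sent a SYN and got no SYN-ACK; "
              "check each hop on the path for a drop")
```

Running the same check with the client connected on each side of the ISA server and the PIX in turn shows at which hop the SYN-ACK stops coming back.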

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    What's actually in the packet stream to the remote host? Is there anything silly in there like IP based auth or some other half ass vendor stupidity?

    Two things I would do. First, I would use a spanning port to sniff at the firewall traffic instead of using the method that Neb suggested simply because there have been times when I actually have done what he warns of even though I *thought* the filter was specific enough.

    Second, I would see if there is a way to watch the conversation between the localhost and the remote host clear of your ISA and PIX. After seeing how that works, I would look for obvious stupidity. If none is apparent, then I would introduce the ISA and PIX one at a time to see if I can at least figure out where I need to dig deeper.

    Anyway, fwiw.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
