Little Help...

Could someone explain the two lines below??

permit icmp any any echo-reply
snmp-server community public

THANKS

J1C

In article , J1C wrote:
:Could someone explain the two lines below??

:permit icmp any any echo-reply

Looks like a PIX. It helps if you state the platform and software rev.

:permit icmp any any echo-reply

For each PIX interface, if a packet is sent from outside the PIX directly to the IP address associated with the interface the packet is received on, and that packet is an ICMP echo-reply packet, then the PIX is permitted to process the packet. That processing could be to receive it on behalf of a "ping" command typed into the PIX itself, or the processing could be to pass the echo-reply packet on to a machine that had earlier sent out an icmp echo packet -- but only in the case where the inside machine is PAT'd (Port Address Translation) to the PIX interface address.

:snmp-server community public

If the configuration has enabled SNMP (Simple Network Management Protocol), and if machines have been authorized to send SNMP packets to the PIX interface address itself (machines are authorized by other "snmp-server" commands such as "snmp-server host"), then the machines should use the password 'public' when they communicate with the PIX. If the machines attempt to use any other password (or no password), then the PIX will drop the SNMP packets. If an authorized machine uses the correct password, then the PIX will examine the SNMP packet and see what kind of information the sender is requesting, and will reply with the appropriate response.

For example, it is possible to use SNMP to query to find out what the CPU load average was over the last 5 minutes, or to find out how many packets have been transmitted through a particular PIX interface.

Walter Roberson
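
Added example, not part of the original thread and not written by any poster: a small Python check that reads a PIX-style configuration and reports the two settings explained above, flagging a community string that is a widely known default and listing which hosts the "snmp-server host" lines authorize to use it. The sample configuration is constructed; the "access-list outside_in" prefix, the "snmp-server host inside 192.0.2.10" line and the name audit_config are assumptions made for illustration.

```python
import re

# Community strings that are widely known defaults, so they provide no secrecy.
WELL_KNOWN_COMMUNITIES = {"public", "private"}

# Constructed sample configuration (not taken from the thread's device).
SAMPLE = """\
access-list outside_in permit icmp any any echo-reply
snmp-server host inside 192.0.2.10
snmp-server community public
"""

def audit_config(text):
    """Return (findings, snmp_hosts); findings are (line_no, message) tuples."""
    findings, snmp_hosts, community = [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # The community string acts as the shared password for SNMP queries.
        m = re.match(r"snmp-server community (\S+)$", line)
        if m:
            community = (no, m.group(1))
        # Hosts authorized to talk SNMP to the firewall (interface name optional).
        m = re.match(r"snmp-server host (?:(\S+) )?(\d+\.\d+\.\d+\.\d+)", line)
        if m:
            snmp_hosts.append(m.group(2))
        # ICMP permitted from any source; a missing type means every ICMP type.
        m = re.search(r"\bpermit icmp any any(?: (\S+))?$", line)
        if m:
            icmp_type = m.group(1) or "all ICMP types"
            findings.append((no, f"icmp permitted from any source: {icmp_type}"))
    if community and community[1].lower() in WELL_KNOWN_COMMUNITIES:
        no, value = community
        who = ", ".join(snmp_hosts) or "no host listed"
        findings.append((no, f"well-known SNMP community '{value}' (hosts: {who})"))
    return findings, snmp_hosts

if __name__ == "__main__":
    for line_no, message in audit_config(SAMPLE)[0]:
        print(f"line {line_no}: {message}")
```
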

Sorry, it's a PIX 506E

Are there any security considerations I should keep in mind with those two settings?

J1C
