There are two more options you can look into.

1) Time limited ACLs on the PIX
2) If you are allowing ssh through the PIX to a server
then limit it on the server side.

Kurt
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards