Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
430
Views
0
Helpful
3
Replies

Firewall

nileshKahale
Level 1
Level 1

‎03-15-2007 05:10 AM - edited ‎03-11-2019 02:46 AM

Hi All ,

I am very new to Firewall. I have Cisco PIX 515E , I want to know regarding configuration of 515E & also want to know what happens with command fixup protocol , failover ip address outside,failover ip address state & how to use access list in Firewall.

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎03-15-2007 05:30 AM

Hi

Big subject :-)

1) fixup protocol. Generally the pix looks at layer 3 (IP addresses) and layer 4 (port numbers). However for some applications it can look at the layer 7 information ie. it understands certain commands etc, used by the application. The applications it can do this for are defined by the fixup protocol lines.

2) failover - this is used when you have two firewalls in a pair. One is generally active and the other is in failover mode and will assume the active role if the primary firewall fails. Note that with v7.0 of the pix software you can run both in active mode if you want on a per context basis.

3) access-lists are used to control the traffic allowed through the firewall, either from inside to outside or outside to inside, or outside to DMZ etc...

By default traffic is allowed to flow from a higher security interface to a lower security interface without an access-list eg inside to outside.

Attached is a link to the pix firewall configuration docs.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_installation_and_configuration_guides_list.html

HTH

Jon

0 Helpful

nileshKahale
Level 1
Level 1
In response to Jon Marshall

‎03-15-2007 06:15 AM

Thanks for quick reply.

However i want to know the meaning of following commands

fixup protocol dns maximum-length 512

fixup protocol ftp 21

access-list acl_in permit udp host 10.25.25.16 host 203.45.18.1 eq domain

failover ip address state x.x.x.x

0 Helpful

acomiskey
Level 10
Level 10
In response to nileshKahale

‎03-15-2007 06:21 AM

access-list acl_in permit udp host 10.25.25.16 host 203.45.18.1 eq domain

This is allowing udp 53 (dns) traffic from 10.25.25.16 to 203.45.18.1, as long as acl_in is applied to an interface with something like "access-group acl_in in interface outside".

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card