What Does FIXUP PROTOCOL Do?

Unanswered Question
Feb 12th, 2001

What's the point of the FIXUP statement? Are these the protocols allowed through the PIX? I have the default ones in place, but I can still TELNET through. Why?

Also:

The reason I'm asking is that I need to do an ANY rule (Check Point terminology) that will permit ANY protocol/port from the inside. If I have to specify every protocol/port, using the FIXUP directive, I'll be there forever. How do I do an ANY protocol/port source rule?

TIA

Dave

wdrootz Mon, 02/19/2001 - 07:10

In your situation telnet should work fine without fixup protocols at all. What version of PIX code do you use? I bet you're probably running into a bug on an ED code version.

Fixup is handling for special protocols like FTP which requires two ports, SMTP which toggles the mail security feature, etc. Check out the description in the command reference for details:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/commands.htm#xtocid223322

The PIX by default is everything out, nothing in. All protocols and ports are allowed except icmp. All you have to do is configure NAT (or no-NAT) to get through the thing.
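Added example, not part of the original thread and not PIX code: a toy Python model of the behaviour the reply describes, where inside-to-outside traffic on any port is allowed and tracked, unsolicited inbound traffic is dropped, and an FTP fixup reads the active-mode `PORT` command so the server's separate data connection can come back in. The class name, addresses and ports are constructed for illustration, and NAT is left out.

```python
import re

# Constructed sample addresses (documentation ranges), not from the thread.
INSIDE_HOST = "10.0.0.5"
FTP_SERVER = "192.0.2.10"

# FTP active mode: "PORT h1,h2,h3,h4,p1,p2" -> data port = p1 * 256 + p2
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")


class ToyFirewall:
    """Simplified stateful firewall: everything out, nothing in."""

    def __init__(self, ftp_fixup=True):
        self.ftp_fixup = ftp_fixup
        self.conns = set()     # (inside_ip, inside_port, outside_ip, outside_port)
        self.pinholes = set()  # expected inbound data: (outside_ip, inside_ip, inside_port)

    def outbound(self, src, sport, dst, dport, payload=b""):
        """Inside-to-outside: any protocol/port is allowed and tracked."""
        self.conns.add((src, sport, dst, dport))
        if self.ftp_fixup and dport == 21:
            self._inspect_ftp(src, dst, payload)
        return True

    def _inspect_ftp(self, client, server, payload):
        """Parse a PORT command and expect the server's data connection."""
        m = PORT_RE.match(payload)
        if not m:
            return
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        if max(h1, h2, h3, h4, p1, p2) > 255:
            return  # malformed octet
        # Design choice of this model: ignore PORT commands naming another host.
        if f"{h1}.{h2}.{h3}.{h4}" != client:
            return
        self.pinholes.add((server, client, p1 * 256 + p2))

    def inbound(self, src, sport, dst, dport):
        """Outside-to-inside: only replies and expected data connections."""
        if (dst, dport, src, sport) in self.conns:
            return True  # reply on a flow the inside host opened
        if (src, dst, dport) in self.pinholes:
            self.pinholes.discard((src, dst, dport))  # single use
            self.conns.add((dst, dport, src, sport))
            return True
        return False
```

Telnet uses one connection opened from the inside, so it passes with or without the fixup; only the FTP data channel depends on it.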

Posted February 12, 2001 at 7:46 AM