Unanswered Question

What's the point of the FIXUP statement? Are these the protocols allowed through the PIX? I have the default ones in place, but I can still TELNET through. Why?


The reason I'm asking is that I need to do an ANY rule (Check Point terminology) that will permit ANY protocol/port from the inside. If I have to specify every protocol/port, using the FIXUP directive, I'll be there forever. How do I do an ANY protocol/port source rule?



wdrootz Mon, 02/19/2001 - 07:10

In your situation telnet should work fine without fixup protocols at all. What version of PIX code do you use? I bet you're probably running into a bug on an ED code version.

Fixup is handling for special protocols like FTP which requires two ports, SMTP which toggles the mail security feature, etc. Check out the description in the command reference for details:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/commands.htm#xtocid223322. The PIX by default is everything out, nothing in. All protocols and ports are allowed except icmp. All you have to do is configure NAT (or no-NAT) to get through the thing.
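
Added example, not part of the reply above and not taken from the poster's configuration: a PIX fragment showing the "any protocol/port outbound" case the reply describes, where the translation rule is what lets inside hosts out and the fixup lines only change how specific protocols are handled. The addresses (10.1.1.0/24 inside, a pool from 192.0.2.0/24 outside) and the NAT ID 1 are constructed for illustration.

```cisco
: Constructed addresses: inside 10.1.1.0/24, outside pool from 192.0.2.0/24
: Translate every inside source address (0 0 = any network, any mask)
nat (inside) 1 0 0
: Pool of outside addresses the translations are drawn from
global (outside) 1 192.0.2.10-192.0.2.20 netmask 255.255.255.0
: Alternative (no-NAT): pass the inside network through untranslated
: nat (inside) 0 10.1.1.0 255.255.255.0
: Fixup lines adjust handling of specific protocols; they are not a permit list
fixup protocol ftp 21
fixup protocol smtp 25
```

With only the nat/global pair in place, outbound telnet and other TCP/UDP traffic from the inside is translated and allowed; no per-protocol line is needed, and inbound connections stay blocked unless explicitly permitted.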

