What Does FIXUP PROTOCOL Do?

Feb 12th, 2001

What's the point of the FIXUP statement? Is this the protocols allowed through the PIX? I have the default ones in place, but I can still TELNET through. Why?

Also:

The reason I'm asking is that I need to do an ANY rule (Check Point terminology) that will permit ANY protocol/port from the inside. If I have to specify every protocol/port, using the FIXUP directive, I'll be there forever. How do I do an ANY protocol/port source rule?

TIA

Dave

wdrootz Mon, 02/19/2001 - 07:10

In your situation telnet should work fine without fixup protocols at all. What version of PIX code do you use? I bet you're probably running into a bug on an ED code version.

Fixup is handling for special protocols like FTP which requires two ports, SMTP which toggles the mail security feature, etc. Check out the description in the command reference for details:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/commands.htm#xtocid223322

The PIX by default is everything out, nothing in. All protocols and ports are allowed except ICMP. All you have to do is configure NAT (or no-NAT) to get through the thing.
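The reply's point that FTP needs fixup because it uses two ports, shown as an added example (not part of the original thread and not PIX code): a simplified model of what an FTP-aware firewall does with the control channel, namely reading the dynamically negotiated data port, rewriting the embedded address for NAT, and noting the temporary permit the data connection needs. The function name, `nat_map` and all addresses are constructed for illustration.

```python
import re

# Six comma-separated numbers as used by "PORT h1,h2,h3,h4,p1,p2" and
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" in RFC 959.
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def inspect_ftp_line(line, nat_map):
    """Model of FTP-aware inspection for one control-channel line.

    nat_map: inside address -> translated address (constructed values).
    Returns (line_to_forward, pinhole); pinhole is None unless the line
    negotiates a data connection on a second, dynamically chosen port.
    """
    stripped = line.strip()
    if stripped.upper().startswith("PORT "):
        listener = "client"      # active mode: server connects back to client
    elif stripped.startswith("227 "):
        listener = "server"      # passive mode: client connects to server
    else:
        return line, None
    m = _HOSTPORT.search(stripped)
    if m is None:
        return line, None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("malformed host-port field: %r" % stripped)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]          # data port is p1*256 + p2
    translated = nat_map.get(ip, ip)        # rewrite only translated hosts
    field = ",".join(translated.split(".") + [str(nums[4]), str(nums[5])])
    rewritten = stripped[:m.start()] + field + stripped[m.end():] + "\r\n"
    # The temporary permit a stateful firewall must add for the data channel.
    return rewritten, {"listener": listener, "ip": translated, "port": port}


if __name__ == "__main__":
    nat = {"10.1.1.5": "192.0.2.10"}        # constructed translation
    for sample in ("USER anonymous\r\n",    # constructed control-channel lines
                   "PORT 10,1,1,5,19,137\r\n",
                   "227 Entering Passive Mode (198,51,100,7,195,80)\r\n"):
        print(inspect_ftp_line(sample, nat))
```

Telnet carries everything over a single TCP connection, so it has no embedded address or second port for a firewall to track.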


Posted February 12, 2001 at 7:46 AM