CiscoWorks VMS FW Manager removing no fixup protocol smtp 25 from Pix
I am having a pecular issue where when I deploy a changed pix firewall configuration from CiscoWorks VMS Firewall Manager I seem to somehow get both a:
no fixup protocol smtp 25
fixup protocol smtp 25
in my configuration. This only seems to occur ocassionaly and checking the pix config and the firewall manager configuration listing both have fixup for smtp 25 turned off as I need. Has anyone run into this before? Any suggestions?
Fixup protocol enables the mail gaurd feature on the pix.
You can use the fixup command to change the default port assignment for SMTP. The command syntax
is as follows.
fixup protocol smtp [port[-port]]
The fixup protocol smtp command enables the Mail Guard feature. This restricts mail servers to
receiving the seven minimal commands defined in RFC 821, section 4.5.1 (HELO, MAIL, RCPT, DATA,
RSET, NOOP, and QUIT). All other commands are rejected.
Microsoft Exchange server does not strictly comply with RFC 821 section 4.5.1, using extended SMTP
commands such as EHLO. PIX Firewall will convert any such commands into NOOP commands, which
as specified by the RFC, forces SMTP servers to fall back to using minimal SMTP commands only. This
may cause Microsoft Outlook clients and Exchange servers to function unpredictably when their
connection passes through PIX Firewall.
Use the port option to change the default port assignments from 25. Use the -port option to apply SMTP
application inspection to a range of port numbers.
There is no work around for "No fixup protocol smtp 25" on the pix firewall configuration. It is essentially required since at times to configures the smtp, it sometimes may require some extra port through which the mails are transferred. There is no work around for removing the no fixup command
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...