Cisco Support Community
Community Member

fixup protocols

What are fixup protocols used for in PIX?


Community Member

Re: fixup protocols

Fixup protocols are used for application-level inspection of packets going across.



Cisco Employee

Re: fixup protocols

The fixup command lets you change, enable, or disable the use of a service or protocol throughout the Cisco PIX Firewall. The ports you specify are those used by the PIX Firewall for listening to each respective service. You can change the port value for each service except RSH.

Some applications such as FTP require that the PIX Firewall understands special properties of the application so that connections that are legitimately part of the application are permitted. During an FTP transfer, the PIX Firewall needs to be aware of the second data channel that is opened from the server to the initiating workstation. The PIX Firewall identifies applications by the TCP or UDP port number contained in the IP packets. For example, it recognizes FTP by port number 21, SMTP by port number 25, and HTTP by port number 80.

For the most part, there is no reason to change these port numbers. But in special circumstances you may have a service listening on a non-standard port number. For example, you could have an HTTP server listening on port 5000. The PIX Firewall will not recognize that port 5000 is being used for HTTP and will block the returned HTTP data connection from the server. This problem can be resolved by adding port 5000 to the fixup protocol command: fixup protocol http 5000. This command enables the PIX Firewall to recognize that connections to port 5000 should be treated in the same manner as connections to port 80.
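Added example, not part of the original thread and not Cisco's code: a small Python model of the FTP case described above, where an inspector recognizes a control channel by its port, reads the PORT command or 227 reply, and permits only the announced data connection. The class and method names, the addresses, and port 2100 are constructed for illustration. The model ignores NAT, and its rule of rejecting a third-party address or a port below 1024 is this example's own choice, not documented PIX behavior.

```python
import re

# Ports treated as FTP control channels, mirroring "fixup protocol ftp 21".
FTP_CONTROL_PORTS = {21}

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def _endpoint(m):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); None if any field > 255."""
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class FtpInspector:  # hypothetical name, not a PIX component
    def __init__(self, control_ports=FTP_CONTROL_PORTS):
        self.control_ports = set(control_ports)
        self.pinholes = set()  # (initiator_ip, listener_ip, listener_port)

    def inspect(self, client_ip, server_ip, server_port, from_client, line):
        """Feed one control-channel line; return the pinhole opened, if any."""
        if server_port not in self.control_ports:
            return None  # port not recognised as FTP, so nothing is inspected
        m = (PORT_RE if from_client else PASV_RE).match(line)
        ep = _endpoint(m) if m else None
        if ep is None:
            return None
        listener_ip, listener_port = ep
        sender_ip = client_ip if from_client else server_ip
        # Example policy: the announced address must be the sender's own.
        if listener_ip != sender_ip or listener_port < 1024:
            return None
        initiator = server_ip if from_client else client_ip
        hole = (initiator, listener_ip, listener_port)
        self.pinholes.add(hole)
        return hole

    def permit_data(self, src_ip, dst_ip, dst_port):
        """Allow a data connection once if a matching pinhole exists."""
        hole = (src_ip, dst_ip, dst_port)
        if hole in self.pinholes:
            self.pinholes.discard(hole)
            return True
        return False
```

Constructing the inspector with `{21, 2100}` plays the role of adding a second port with the fixup command: the same control line on port 2100 is ignored by the default instance and opens a pinhole in the extended one.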


