I have a question about how the PIX handles passive ports. I know that in a passive FTP conversation, when the client outside the PIX requests a data connection on port 21 to a server in the DMZ, the server responds with a semi-random port address above 1024 for the client to open a data connection to. The PIX monitors this conversation and dynamically opens the port for the client to connect to.
My question is, does the PIX modify the port number that the server sends? If the server tells the client to use port 1499, does the PIX just pass that port through, or does it PAT the port? What if it conflicts with another port already in use? Can it be restricted to a certain range of ports? Or, does it just do what the server requests?
Unfortunately, I don't have access to two sniffers at the remote client site to confirm this.
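Added example, not part of the original post: one way to check the rewrite question is to compare the server's `227` passive reply as recorded on the DMZ side with the same reply as received by the client. The reply format `(h1,h2,h3,h4,p1,p2)` with port = p1*256 + p2 comes from RFC 959; the function names and all sample lines are constructed for illustration and say nothing about what a PIX actually does.

```python
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)", port = p1*256 + p2
_PASV = re.compile(r"^227[ -].*?" + ",".join([r"(\d{1,3})"] * 6))


def parse_pasv(line):
    """Return (host, port) advertised in a 227 reply line."""
    m = _PASV.match(line.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % line)
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]


def compare_pasv(server_side, client_side):
    """Compare the reply the server sent with the reply the client received."""
    s_host, s_port = parse_pasv(server_side)
    c_host, c_port = parse_pasv(client_side)
    return {
        "server_side": (s_host, s_port),
        "client_side": (c_host, c_port),
        "host_rewritten": s_host != c_host,
        "port_rewritten": s_port != c_port,
    }


# Constructed sample lines (not captured traffic). 5*256 + 219 = 1499.
SERVER_SIDE = "227 Entering Passive Mode (192,168,10,5,5,219)"
# Hypothetical outcome A: address translated, port passed through unchanged.
CLIENT_SIDE_A = "227 Entering Passive Mode (203,0,113,20,5,219)"
# Hypothetical outcome B: address and port both translated (19*256 + 137 = 5001).
CLIENT_SIDE_B = "227 Entering Passive Mode (203,0,113,20,19,137)"

if __name__ == "__main__":
    for label, line in (("A", CLIENT_SIDE_A), ("B", CLIENT_SIDE_B)):
        print(label, compare_pasv(SERVER_SIDE, line))
```
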