I wonder if the following features are supported by PIX:
1- Filtering incoming or outgoing traffic based on the Source port and not only the dest port (e.g. filter incoming traffic having source ports outside the range 1-65535).
2- In some firewalls like ISA, you can control sent and received traffic for a certain host (e.g. you can allow certain UDP traffic coming to a certain host to pass the FW while blocking traffic from being sent back from this host on that particular port). In PIX, however, I think if you opened, let's say, UDP 53 for your DNS server, then this DNS server will be answering all queries to the requesting hosts and you won't be able to control traffic going back on UDP 53 (Send/Receive concept).
3- Can PIX control traffic based on L7 commands (e.g. allow FTP Get but block FTP Put)? I think this is a feature that NetScreen can do; is it available in PIX?
Thanks jackko for your response... but regarding the 2nd point: I read in the PIX Ver7 Config Guide (page 207) that with UDP and TCP protocols you don't need an access list to allow returning traffic because the PIX will allow returning traffic for established connections. In the example above, the DNS server will respond to any DNS queries from "any". My question here is: will the PIX, before responding, check the access-list rules applied to the inside interface to see to whom it's allowed to respond, or will it allow returning traffic without checking the access list, as this is a default behaviour? Please advise!