12-14-2003 04:57 AM - edited 03-09-2019 05:52 AM
Hi All
I know PIX can support stateful inspection , But i don't know the pix can support all application ? such as "Lotus Domino" or "MS Exchange"
. If i want to add Domino (1352) into PIX sateful inspection , How can i to do ?
12-15-2003 05:00 AM
Hi Emily,
the pix indeed supports statefull inspection for all type of connections and statefull inspection is on by default. Please note that statefull inspection is related to the 'network' and the 'transport' layers of the OSI mode (layer 3 and 4).
The statefull inspection looks at connections being initiated and automatically allows the corresponding reply packets. It has nothing to do with the 'application' layer.
The application layer of packets is inspected by the 'fixup protocols'. The pix provides fixup protocols for several types of applications: SMTP, ESP-IKE, HTTP, FTP, ...
To allow Lotus Domino traffic throug the pix, just created the correct ACL's (and maybe'static' commands)using port 1352/tcp and the PIX will 'stateful inspect' the traffic. You don't have to do anything specific to turn on statefull inspection.
Regards,
Tom
01-06-2004 05:08 AM
Hi Tom,
So time ago I configured an access-list on a PIX to gain access to a server that listens on port 8000, which is not a http port. Now they asked me to get access to a different server using HTTP 8000 port, which I want to fixup. Can you tell what will happen? Will packets from the first server be dropped, because of the fixup.
Thanks in advance
Aad Boelhouwers
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide