Cisco Support Community

New Member

sysopt security fragguard

Does anyone know why Fragguard is not enabled by default?

1 REPLY
Silver

Re: sysopt security fragguard

One reason is that Linux sends IP fragments in reverse order, so fragmented Linux packets will not pass through the PIX Firewall with the sysopt security fragguard command enabled. It breaks normal IP fragmentation conventions. You might use IDS to detect fragment signatures in a Linux environment. I would guess that having it enabled by default would create problems on too many networks.

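Why reverse-order fragments fail a strict fragment check, as an added example that is not part of the original thread and not Cisco's code: it assumes the guard rule is that every non-initial fragment must follow an already-seen initial (offset 0) fragment of the same datagram. The packets, addresses and function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def make_fragment(ident, offset_bytes, more, payload_len,
                  src="192.0.2.10", dst="198.51.100.20", proto=17):
    """Build a constructed IPv4 fragment (checksum left at 0, zero payload)."""
    flags_off = (0x2000 if more else 0) | (offset_bytes // 8)
    hdr = struct.pack(HDR, 0x45, 0, 20 + payload_len, ident, flags_off,
                      64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + b"\x00" * payload_len

def parse(pkt):
    """Return (datagram key, byte offset, more-fragments flag)."""
    _, _, _, ident, flags_off, _, proto, _, src, dst = struct.unpack(HDR, pkt[:20])
    return (src, dst, proto, ident), (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000)

def initial_first_filter(packets):
    """Assumed guard rule: a non-initial fragment passes only if the offset-0
    fragment of the same datagram was seen earlier. Returns (passed, dropped)."""
    seen_initial, passed, dropped = set(), [], []
    for pkt in packets:
        key, offset, more = parse(pkt)
        if offset == 0:
            if more:                       # first piece of a fragmented datagram
                seen_initial.add(key)
            passed.append(pkt)
        elif key in seen_initial:
            passed.append(pkt)
            if not more:                   # last piece: forget the datagram
                seen_initial.discard(key)
        else:
            dropped.append(pkt)            # arrived before its initial fragment
    return passed, dropped

# Constructed sample: 4000 bytes of IP payload split into three fragments.
IN_ORDER = [make_fragment(0x1234, 0, True, 1480),
            make_fragment(0x1234, 1480, True, 1480),
            make_fragment(0x1234, 2960, False, 1040)]
REVERSED = list(reversed(IN_ORDER))        # last fragment sent first

def summary(packets):
    """Return (number passed, number dropped) for a packet sequence."""
    passed, dropped = initial_first_filter(packets)
    return len(passed), len(dropped)

if __name__ == "__main__":
    print("in order:", summary(IN_ORDER))
    print("reversed:", summary(REVERSED))
```

With the reversed sequence only the offset-0 fragment gets through, so the receiver can never reassemble the datagram even though every fragment is individually well formed.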