Advanced Protocol Handling
The PIX has taken elements from both camps in an example of a hybrid firewall,
combining stateful packet filtering with advanced protocol handling with proxies
via the fixup command. For supported applications, the PIX provides advanced
protocol handling, not only dealing with embedded IP addresses (the bane of
NAT functionality) but also improving overall security handling.
www.syngress.com
Figure 2.4 The UDP Header (bits 0 to 31: Source Port and Destination Port; Length and Checksum; Data)
56 Chapter 2 • Introduction to PIX Firewalls
Providing support for complex protocols is a distinguishing characteristic of
the PIX. The “fixup” proxies include ftp, http, h323, ils, rsh, rtsp, smtp, sip, skinny,
and SQL. Some protocols, such as DNS Guard (which prevents multiple DNS
responses from getting to the host), are handled by the built-in PIX services
and do not need to be configured.
Application support of this type is where the real power of a firewall shines.
The PIX is more than just a gatekeeper, passing or blocking packets; it understands
the underlying protocol and actively rewrites the communications—
enforcing RFCs, eliminating dangerous commands, and preventing the leakage of
information—to provide the highest level of security available, consistent with
application functionality.
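To make the embedded-address problem and the "actively rewrites" point concrete, the following added example (not from the book and not Cisco's implementation) shows the kind of work an FTP-aware inspection has to do on a PORT command crossing NAT. The NAT table, the addresses, the function name and the port policy are assumptions constructed for illustration.

```python
import re

# Constructed NAT table: inside (private) address -> translated (global) address.
NAT_TABLE = {"10.1.1.5": "192.0.2.25"}

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal octets).
PORT_RE = re.compile(rb"^PORT ((?:\d{1,3},){5}\d{1,3})\r\n$", re.IGNORECASE)

DROP = (None, None, 0)


def inspect_ftp_port(line: bytes, client_ip: str):
    """Inspect one control-channel line sent by an inside FTP client.

    Returns (line_to_forward, pinhole, length_delta). line_to_forward is None
    when the command is dropped; pinhole is the (global_ip, port) on which the
    server's data connection should be permitted.
    """
    if line[:4].upper() != b"PORT":
        return line, None, 0                  # other commands pass unchanged
    m = PORT_RE.match(line)
    if m is None:
        return DROP                           # malformed argument
    octets = [int(x) for x in m.group(1).split(b",")]
    if any(o > 255 for o in octets):
        return DROP
    embedded_ip = ".".join(map(str, octets[:4]))
    port = octets[4] * 256 + octets[5]
    # Policy assumed for this example: the embedded address must be the
    # client's own and the port unprivileged, so the command cannot aim the
    # server's data connection at a third host or a well-known service.
    if embedded_ip != client_ip or port < 1024:
        return DROP
    global_ip = NAT_TABLE.get(client_ip)
    if global_ip is None:
        return DROP
    new_line = "PORT {},{},{}\r\n".format(
        global_ip.replace(".", ","), octets[4], octets[5]).encode("ascii")
    # The rewrite changes the payload length, so a real device must also
    # adjust TCP sequence/acknowledgement numbers by length_delta.
    return new_line, (global_ip, port), len(new_line) - len(line)
```

Without the rewrite, the outside server would try to open its data connection to 10.1.1.5, an address it cannot reach; without the pinhole, the stateful filter would drop that inbound connection even when the address is correct.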