The Advanced Category

The Advanced Category

The Advanced class permits the affability of diminutive attributes accessible on the

PIX firewall.These attributes accommodate fixup capabilities, antispoofing, and TCP

parameters.We altercate all these options in this section.

The fixup functionality accessible on the PIX firewall can be enabled and

disabled from the Advanced category. Bang the FixUp subcategory to appearance the

current fixup configuration.To enable, disable, or adapt any of the fixup

protocols, bang the specific subcategories.

Antispoofing, additionally accepted as reverse-path forwarding (RPF), is controllable from

the Advanced category. From this subcategory, bang the analysis boxes beside the

specific interface to accredit or attenuate antispoofing.

Fragment ambit can be accustomed for anniversary interface from the Fragment

subcategory.These options accommodate Size,Timeout, and Chain Length for each

interface.

TCP options are additionally configurable from this category. Bang the TCP

Options subcategory to adapt the options, as apparent in the TCP Options

screen (see Figure 9.40).

www.syngress.com

Figure 9.40 The TCP Options Screen

498 Chapter 9 • PIX Device Manager

To accredit a specific affiliation parameter, bang the analysis box beside the

variable and add attributes to the constant as necessary.

Timeouts can be bent from the Timeouts subcategory. Many timeout

values are configurable on the PIX firewall. Some of these are connection, halfclosed,

and allotment abeyance values.

If your firewall archetypal supports it, you can configure Turbo ACLs from the

Turbo Access Rules subcategory. Accredit Turbo Access Rules by beat the

Enable Turbo Access Rule Searches analysis box from the Turbo Access Rules

subcategory.