All,
On the PIX, I read that these fixup commands are used to sanitize the protocols making
sure only certain valid cmds get passed along during the connection process.
fixup ftp
fixup mailhost
fixup sqlnet
Will this keep my users from proxying their napster, bearshare, etc. connections out of port 80, 21, 25, 1521 etc. since none of the commands that napster, bearshare,etc. sends during its setup process will be considered valid commands for those ports when the fixup cmd is applied to them.
Also, I wanted to clarify one more question, when I want to map an inside IP and service to and outside IP and service I should use conduit and static. When I want to create ACLs for the interfaces I should use the access-list cmd, but when should I use the outbound/apply command? It seems to be redunant since the access-list cmd suffices.
Thanks
Do You Yahoo!?
Yahoo! Mail Personal Address - Get email at your own domain with Yahoo! Mail.
