You can do similar filtering on a router using offset lists (MAC layer based
filtering), but the PIX does not have anything like that.  All filtering is
done based on layer 3 or 4 with rare exceptions.

Regards,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Ramsey
Sent: Monday, August 06, 2001 11:12 AM
To: [EMAIL PROTECTED]
Subject: RE: Restrictions on Protocol level in Cisco Pix Firewall
[7:15045]


Does Cisco allow for packet filtering?

I know with 3com, I have done something similar to this at the router level.

Put a sniffer on the wire, grab the hex information for any command that you
want to block and filter based on that hex value.

Be careful though, this method is not protocol specific, and it only works
with clear text that always has the same hex value.  So, with that being said,
if you have multiple devices on the other side of the router that have
similar commands, or even two ftp servers, this will cause issues.

Of course, this also is totally dependent on Cisco's ability to filter on
payload, rather than network info.

-Patrick

>>> "Kent Hundley"  08/06/01 01:16PM >>>
The PIX has some limited ability to look at the application layer traffic,
but not much.  By default it will only allow certain SMTP commands, for
example, but you cannot select which commands, the feature is either on or
off.  You cannot block certain FTP or HTTP commands.  There are 3rd party
integration products for blocking certain HTTP urls, but none that I know of
for FTP.

HTH,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ali J Khan
Sent: Saturday, August 04, 2001 10:17 PM
To: [EMAIL PROTECTED]
Subject: Restrictions on Protocol level in Cisco Pix Firewall [7:14930]


Hi All

I have a scenario where I need to limit the commands of a particular
protocol through the Pix.  Consider, for example, putting restriction on ftp
or smtp so that only specific commands for these protocols such as only the
GET command working for ftp.  Is this possible in the Pix?  If yes, how?

alijkhan, ccnp

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15144&t=15144