On 6 Jul 2000, at 17:12, mouss wrote:

> As far as I know, IOS doesn't handle protocols above IP
> (this may be a feature of new or next versions, though).
> but a firewall generally needs to handle at least TCP, and a serious one
> should handle TCP sessions. so, these would require a large rewrite of the
> "traditional" IOS. The PIX, __to the best of my knowledge__, is a "two
> boxes in one", a router and a PC. correct me if I'm wrong.

The PIX is definitely not a router - I've been told this much by Cisco as I can't 
get it to work the way I want to and will have to use a router to get it working 
(use a single PIX to act as fw for 2 ISP connections that for all purposes need 
to run separately, i.e. a server with an IP on ISP1 will only ever have packets 
routed through the interface for ISP1 on the PIX, but it won't let me do this).

The PIX is stateful and therefore I guess that means it does handle TCP, plus 
it also has some protocol handling (it has "fixups" which check for certain 
protocol specific commands, eg. the smtp fixup will effectively disable 
ESMTP commands as they are passed to the smtp port of your own server 
as XXXX instead of things like EHLO, VRFY, etc).

Dan

---
D.C. Crichton                 email: [EMAIL PROTECTED]
Senior Systems Analyst        tel:   +44 (0)121 706 6000
Computer Manuals Ltd.         fax:   +44 (0)121 606 0477
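
The SMTP fixup behaviour described in the message above, modelled as an added example that is not part of the original post and is not Cisco's code. It assumes the permitted verbs are the RFC 821 minimum command set and that only the verb is overwritten, with the rest of the line left intact; the session lines are constructed sample input.

```python
# Model of an SMTP "fixup": command verbs outside an allow-list are
# overwritten with X's before the line reaches the protected server.
# ASSUMPTION: allow-list = RFC 821 minimum command set.
ALLOWED = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}


def fixup_line(line: str) -> str:
    """Return the command line as the inside server would receive it."""
    body = line.rstrip("\r\n")
    eol = line[len(body):]
    verb, sep, rest = body.partition(" ")
    if verb.upper() in ALLOWED:
        return line
    # ASSUMPTION: same-length masking of the verb only, so EHLO -> XXXX.
    return "X" * len(verb) + sep + rest + eol


def fixup_session(client_lines):
    """Filter a client's lines, leaving the message body after DATA alone."""
    out, in_data = [], False
    for line in client_lines:
        if in_data:
            out.append(line)
            if line.rstrip("\r\n") == ".":  # end-of-data marker
                in_data = False
            continue
        fixed = fixup_line(line)
        out.append(fixed)
        # Simplification: body mode starts on DATA, not on the 354 reply.
        if fixed.strip().upper() == "DATA":
            in_data = True
    return out


# Constructed sample session (client side only).
SESSION = [
    "EHLO client.example\r\n",
    "HELO client.example\r\n",
    "MAIL FROM:<a@client.example>\r\n",
    "RCPT TO:<b@server.example>\r\n",
    "VRFY b\r\n",
    "DATA\r\n",
    "EHLO inside the body stays as typed\r\n",
    ".\r\n",
    "QUIT\r\n",
]

if __name__ == "__main__":
    for sent, seen in zip(SESSION, fixup_session(SESSION)):
        print(f"{sent.strip():40} -> {seen.strip()}")
```

Because the server never sees EHLO, it never advertises ESMTP extensions, which is why a client behind such a filter ends up on plain HELO.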
