Supported Applications and Protocols
Some fixup protocols support multiple applications, while
other applications benefit from application inspection without having a fixup
protocol command with configuration options. Features provided often include
extending NAT capabilities to IP addresses embedded within the data payload
(including adjusting the related checksum values), dynamically opening
additional port connections, and event logging. The following is a partial list
of supported applications.
Basic Internet Protocols
The PIX Firewall uses application inspection to assist
common Internet protocols, such as the following. Those followed by an asterisk
have fixup command configuration support.
- Domain Name System (DNS)
- File Transfer Protocol (FTP)*
- Hypertext Transfer Protocol (HTTP)*
- NetBIOS over IP
- Simple Mail Transfer Protocol (SMTP)*
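What inspection does for one of the protocols listed above, FTP: the active-mode PORT command carries the client's IP address and data port inside the payload, so the firewall must rewrite the address for NAT and open only the one announced port. This is an added example, not Cisco's code; the NAT table, addresses, function name and the two validation checks are assumptions made for illustration.

```python
import re

# Constructed NAT table: inside (private) address -> global address.
NAT = {"10.1.1.5": "192.0.2.5"}

# PORT h1,h2,h3,h4,p1,p2 where the data port is p1 * 256 + p2.
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


def inspect_port(payload: bytes, client_ip: str, server_ip: str):
    """Inspect one FTP PORT command seen on the control connection.

    Returns (rewritten_payload, pinhole, seq_delta), or None when the
    command is malformed or fails the checks (no pinhole is opened).
    """
    m = PORT_RE.fullmatch(payload)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(map(str, nums[:4]))
    port = nums[4] * 256 + nums[5]
    # Policy assumed by this example: the embedded address must be the
    # control-session client itself, and the data port must be unprivileged.
    if ip != client_ip or port < 1024:
        return None
    global_ip = NAT.get(ip, ip)
    new = b"PORT %s,%d,%d\r\n" % (global_ip.replace(".", ",").encode(), nums[4], nums[5])
    # Dynamic connection: only this server may reach only this address and port.
    pinhole = {"proto": "tcp", "src": server_ip, "dst": global_ip, "dst_port": port}
    # The rewritten text can differ in length, so later TCP sequence numbers
    # on this connection shift by seq_delta and the checksum is recomputed.
    return new, pinhole, len(new) - len(payload)


if __name__ == "__main__":
    # Constructed sample: inside client 10.1.1.5 announces data port 5001.
    print(inspect_port(b"PORT 10,1,1,5,19,137\r\n", "10.1.1.5", "198.51.100.10"))
```

The one-byte length change in the sample is why payload rewriting also involves the checksum adjustment mentioned in the introduction.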
Voice over IP (VoIP)
The VoIP application inspection supports the following
protocols used by Cisco IP Phones, Cisco CallManager, and other Cisco IP
Telephony products. Version 6.2 of the PIX OS adds PAT support for H.323 and
SIP. This helps to expand your address space to accommodate the large number of
endpoints involved when implementing VoIP networks. Those followed by an
asterisk have fixup command configuration support.
Multimedia
Multimedia applications represent troublesome challenges to
a firewall because multimedia protocols dynamically open additional port
connections to improve performance. The PIX Firewall application inspection
feature opens and closes UDP ports for secure multimedia connections. Other
firewall implementations typically must open a large range of UDP ports,
creating security risks, or they must configure one port for inbound multimedia
data requiring client reconfiguration.
The PIX-enhanced ASA supports multimedia—with or without
NAT—without compromising security. This represents a major advantage over
firewall installations that must choose between NAT and multimedia, which either
limits multimedia applications to registered users or exposes inside network
addresses to the Internet.
Note: While NAT works well with multimedia applications, don’t use
PAT while running these applications through the PIX Firewall. Multimedia
protocol attempts to dynamically access additional port connections can conflict
with port mappings used by PAT.
The multimedia applications supported by the PIX Firewall
application inspection include the following. Those followed by an asterisk have
fixup command configuration support.
Database and Directory Support
The database and directory applications supported by the PIX
Firewall application inspection include the following. Those followed by an
asterisk have fixup command configuration support.
Management Protocols
The PIX Firewall application inspection-supported management
protocols include the following. Those followed by an asterisk have fixup command configuration support.