The PIX Firewall offers a number of advanced features to support the many protocols available on the Internet, while maintaining a safe internal environment. Some of these features are configurable using skills already covered or by using the fixup protocol commands, covered in the upcoming section “The fixup protocol Command.” Others are in place and can’t be modified or disabled, such as the attack guards covered in the later section “Attack Guards.” All involve some form of higher-layer awareness than would be available from traditional access control lists (ACLs), which, by definition, are limited to Layer 3– and Layer 4–filtering capabilities. The PIX Firewall Adaptive Security Algorithm (ASA) uses application layer (OSI Layers 5–7) inspection to establish and maintain its stateful access control and traffic-monitoring security.