https://community.cisco.com/t5/network-security/firewall/m-p/665016#M1010318 <HTML><HEAD></HEAD><BODY><P>Thanks for quick reply.</P><P>However i want to know the meaning of following commands</P><P>fixup protocol dns maximum-length 512</P><P>fixup protocol ftp 21</P><P>access-list acl_in permit udp host 10.25.25.16 host 203.45.18.1 eq domain</P><P>failover ip address state x.x.x.x</P><P></P></BODY></HTML> Thu, 15 Mar 2007 13:15:37 GMT nileshKahale 2007-03-15T13:15:37Z https://community.cisco.com/t5/network-security/firewall/m-p/665014#M1010309 <P>Hi All ,</P><P>I am very new to Firewall. I have Cisco PIX 515E , I want to know regarding configuration of 515E &amp; also want to know what happens with command fixup protocol , failover ip address outside,failover ip address state &amp; how to use access list in Firewall.</P> Mon, 11 Mar 2019 09:46:51 GMT https://community.cisco.com/t5/network-security/firewall/m-p/665014#M1010309 nileshKahale 2019-03-11T09:46:51Z https://community.cisco.com/t5/network-security/firewall/m-p/665015#M1010314 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>Big subject <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>1) fixup protocol. Generally the pix looks at layer 3 (IP addresses) and layer 4 (port numbers). However for some applications it can look at the layer 7 information ie. it understands certain commands etc, used by the application. The applications it can do this for are defined by the fixup protocol lines. </P><P></P><P>2) failover - this is used when you have two firewalls in a pair. One is generally active and the other is in failover mode and will assume the active role if the primary firewall fails. Note that with v7.0 of the pix software you can run both in active mode if you want on a per context basis. </P><P></P><P>3) access-lists are used to control the traffic allowed through the firewall, either from inside to outside or outside to inside, or outside to DMZ etc...</P><P>By default traffic is allowed to flow from a higher security interface to a lower security interface without an access-list eg inside to outside. </P><P></P><P>Attached is a link to the pix firewall configuration docs. </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_installation_and_configuration_guides_list.html" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_installation_and_configuration_guides_list.html</A></P><P></P><P></P><P>HTH </P><P></P><P>Jon </P></BODY></HTML> Thu, 15 Mar 2007 12:30:45 GMT https://community.cisco.com/t5/network-security/firewall/m-p/665015#M1010314 Jon Marshall 2007-03-15T12:30:45Z https://community.cisco.com/t5/network-security/firewall/m-p/665016#M1010318 <HTML><HEAD></HEAD><BODY><P>Thanks for quick reply.</P><P>However i want to know the meaning of following commands</P><P>fixup protocol dns maximum-length 512</P><P>fixup protocol ftp 21</P><P>access-list acl_in permit udp host 10.25.25.16 host 203.45.18.1 eq domain</P><P>failover ip address state x.x.x.x</P><P></P></BODY></HTML> Thu, 15 Mar 2007 13:15:37 GMT https://community.cisco.com/t5/network-security/firewall/m-p/665016#M1010318 nileshKahale 2007-03-15T13:15:37Z https://community.cisco.com/t5/network-security/firewall/m-p/665017#M1010324 <HTML><HEAD></HEAD><BODY><P>access-list acl_in permit udp host 10.25.25.16 host 203.45.18.1 eq domain </P><P></P><P>This is allowing udp 53 (dns) traffic from 10.25.25.16 to 203.45.18.1, as long as acl_in is applied to an interface with something like "access-group acl_in in interface outside".</P></BODY></HTML> Thu, 15 Mar 2007 13:21:40 GMT https://community.cisco.com/t5/network-security/firewall/m-p/665017#M1010324 acomiskey 2007-03-15T13:21:40Z