SYSTEM MANAGEMENT


  • SSH logins to the PIX use the username pix and the current Telnet password (the one set with the passwd command).

  • While the PIX prints period characters ( . ), it is generating the RSA server key that will be used to set up the encrypted session.

  • The PIX supports SSH version 1 only, with up to five concurrent SSH connections. SSHv1 has known protocol weaknesses, so restrict SSH access to the management hosts or subnet named in the ssh command rather than opening it to a whole interface.

  • The ca zeroize rsa command clears all RSA key pairs from flash.

  • The ntp server command synchronizes the PIX clock with an NTP server.

  • The reload command reboots the PIX.

  • The logging host command names the syslog server(s) that receive system messages.

  • The logging trap command sets the severity level of the messages sent to syslog servers.
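The management items above, worked into one PIX 6.x configuration. This is an added example, not code from the page; the host name, domain name, addresses, key size and passwords are assumed values, and lines beginning with a colon are comments, as in a saved PIX configuration.

```text
: --- SSH management access ---
: RSA key generation requires a host name and a domain name first
hostname pix1
domain-name example.com
: Generate the 1024-bit RSA key pair (periods print while it works)
ca generate rsa key 1024
: Persist the keys to flash so they survive a reload
ca save all
show ca mypubkey rsa
: The Telnet password is also the SSH password; the SSH username is "pix"
passwd Str0ngTelnetPw
: Only the inside management subnet may open SSH sessions
ssh 10.0.1.0 255.255.255.0 inside
: Idle SSH sessions are dropped after 5 minutes
ssh timeout 5

: --- Clock synchronization with authenticated NTP ---
ntp authentication-key 1 md5 ntpSharedSecret
ntp trusted-key 1
ntp authenticate
ntp server 10.0.1.30 key 1 source inside prefer

: --- Syslog to an internal collector ---
logging on
logging timestamp
logging host inside 10.0.1.20
: Send severity 6 (informational) and more severe messages
logging trap informational
logging facility 20

: --- Save, then reboot if required ---
write memory
reload
```

Authenticated NTP matters here because syslog timestamps, certificate checks and incident timelines all depend on the clock; an unauthenticated ntp server line accepts time from whoever answers first.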


ADVANCED PROTOCOL HANDLING AND PIX FIREWALL FEATURES

  • In standard (active) FTP mode, the inside client initiates the control connection to the FTP server and the server initiates the data connection back to the client. The fixup protocol ftp 21 command lets the PIX inspect the PORT command on the control channel and open a dynamic return connection for the data coming back from the server.

  • In passive FTP mode, the inside client initiates both the control and the data connection, so the Adaptive Security Algorithm (ASA) allows the return traffic through the PIX without the fixup protocol ftp 21 command.

  • The show fixup command displays the active fixup protocols on the PIX firewall.

  • The PIX supports the SCCP (Skinny), SIP, and H.323 VoIP protocols.

  • RTSP is a real-time audio and video control protocol used by several multimedia applications, such as RealPlayer, Cisco IP/TV, QuickTime 4, NetShow, and VDOLive. The fixup protocol rtsp command enables RTSP inspection; it supports NAT but not PAT.

  • Websense and N2H2 URL filtering servers can be used for URL traffic filtering when fixup protocol http 80 is enabled.

  • The filter url command identifies which traffic is forwarded to the URL filtering servers for a verdict.

  • The PIX firewall can be a DHCP client and a DHCP server at the same time.

  • The dhcpd dns command accepts at most two DNS server IP addresses.

  • When configured, PPPoE can connect to the service providers without user interaction.
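The protocol handling and interface features in this section, collected into one PIX 6.x configuration. This is an added example, not code from the page; the interface names, addresses, server vendor, DHCP pool and PPPoE credentials are assumed values, and colon-prefixed lines are comments.

```text
: --- Application inspection (fixups) ---
: Active FTP: inspect PORT commands and open the server-initiated data connection
fixup protocol ftp 21
fixup protocol smtp 25
fixup protocol http 80
: RTSP inspection (works with NAT, not with PAT)
fixup protocol rtsp 554
show fixup

: --- URL filtering through a Websense server (needs the HTTP fixup above) ---
url-server (inside) vendor websense host 10.0.1.40 timeout 5 protocol TCP version 4
: Send all outbound HTTP for a verdict. "allow" fails open when the URL server is
: unreachable; drop the keyword if the policy is to fail closed.
filter url http 0 0 0 0 allow
: Exempt the internal web proxy from filtering
filter url except 10.0.1.50 255.255.255.255 0 0

: --- DHCP server on the inside interface, DHCP client on the outside ---
dhcpd address 10.0.1.100-10.0.1.200 inside
: At most two DNS servers can be handed out
dhcpd dns 10.0.1.10 10.0.1.11
dhcpd lease 3600
dhcpd domain example.com
dhcpd enable inside
ip address outside dhcp setroute

: --- Alternative for the outside interface: PPPoE to the provider ---
vpdn group isp request dialout pppoe
vpdn group isp localname pppoe-user
vpdn group isp ppp authentication pap
vpdn username pppoe-user password pppoe-secret
ip address outside pppoe setroute
```

The outside interface takes either the dhcp or the pppoe form of ip address, not both; setroute installs the default route learned from the provider in each case.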


ATTACK GUARDS AND INTRUSION DETECTION

  • DNS Guard prevents DoS and UDP session hijacking by closing the UDP connection for a DNS query as soon as the first DNS response is received, instead of holding it open until the UDP idle timeout. It is enabled by default and needs no configuration.

  • The SYN Flood Guard protects hosts from TCP SYN flood attacks, which leave half-open connections (called embryonic connections) from the attacker. The embryonic limit is a parameter of the nat and static commands.

  • Embryonic connections are half-open three-way handshakes that an attacker can deliberately leave incomplete. Once the embryonic limit is reached, TCP intercept on the PIX answers new SYNs on behalf of the server and completes the handshake itself, so only connections proven to be valid requests are passed to the server. This feature was introduced in version 5.2.

  • The fixup protocol smtp command (Mail Guard) inspects SMTP traffic and allows only the following seven commands: DATA, HELO, MAIL, NOOP, QUIT, RCPT, and RSET.

  • The shun command blocks inbound traffic from a given source address, the blocking action used by IDS.

  • The PIX firewall contains a subset of the signatures of a full Cisco IDS system.

  • By default, all IDS audit signatures are enabled. To disable one, use the ip audit signature <number> disable command.

  • The ip audit interface <if_name> <audit_name> command applies an audit policy to an interface.

  • False positives are alarms triggered by legitimate traffic that matches a pattern of a monitored signature.

  • The embryonic parameter is used by the nat and static commands.
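The attack guards and IDS settings from this section, applied in one PIX 6.x configuration. This is an added example, not code from the page; the addresses, connection limits, policy names and the signature number chosen for the disable example are assumed values, and colon-prefixed lines are comments. DNS Guard is on by default, so nothing below enables it.

```text
: --- Embryonic (half-open) connection limits ---
: static: at most 500 total and 100 embryonic connections to the published web
: server; above 100 half-open connections TCP intercept completes handshakes first
static (inside,outside) 203.0.113.10 10.0.1.10 netmask 255.255.255.255 500 100
: nat: unlimited total connections, 50 embryonic per outbound translation
nat (inside) 1 10.0.1.0 255.255.255.0 0 50
global (outside) 1 203.0.113.2

: --- Mail Guard: only DATA HELO MAIL NOOP QUIT RCPT RSET reach the mail server ---
fixup protocol smtp 25

: --- Built-in IDS: alarm on informational signatures, alarm+drop+reset on attack signatures ---
ip audit name info-pol info action alarm
ip audit name attack-pol attack action alarm drop reset
ip audit interface outside info-pol
ip audit interface outside attack-pol
: Silence one noisy signature; 2004 (ICMP Echo Request) is the example used here
ip audit signature 2004 disable
show ip audit count

: --- Manual blocking of a source the IDS flagged ---
shun 198.51.100.77
show shun
: Remove the block once the incident is closed
no shun 198.51.100.77
```

Size the embryonic limit from the server's real backlog and normal SYN rate: too low and TCP intercept proxies handshakes for legitimate bursts, too high and the server's backlog fills before the PIX steps in.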