Cisco PIX (Private Internet eXchange) is a popular IP firewall and network address translation (NAT) appliance. It was one of the first products in this market segment. In 2005, Cisco introduced the newer Adaptive Security Appliance (ASA), that inherited much of PIX features, and in 2008 announced PIX end-of-sale. The PIX technology is still sold in a blade, the FireWall Services Module (FWSM), for the Cisco Catalyst 6500 switch series and the 7600 Router series.
The PIX was the first commercially available firewall product to introduce protocol specific filtering with the introduction of the "fixup" command. The PIX "fixup" capability allows the Firewall to apply additional security policies to connections identified as using specific protocols. Two protocols for which specific fixup behaviors were developed are DNS and SMTP.
The DNS fixup originally implemented a very simple but effective security policy; it allowed just one DNS response from a DNS server on the Internet (known as outside interface) for each DNS request from a client on the protected (known as inside) interface. "Fixup" has been superseded by "Inspect" on later versions of PIX OS.
Download link
The PIX was the first commercially available firewall product to introduce protocol specific filtering with the introduction of the "fixup" command. The PIX "fixup" capability allows the Firewall to apply additional security policies to connections identified as using specific protocols. Two protocols for which specific fixup behaviors were developed are DNS and SMTP.
The DNS fixup originally implemented a very simple but effective security policy; it allowed just one DNS response from a DNS server on the Internet (known as outside interface) for each DNS request from a client on the protected (known as inside) interface. "Fixup" has been superseded by "Inspect" on later versions of PIX OS.
Download link
