Downloads |
Table Of Contents
Acronyms and Abbreviations
This appendix lists the acronyms and abbreviations used in this document. Refer to "," for information on the commands described in this section.
Table B-1 Acronyms and Abbreviations
AAA
Authentication, Authorization, and Accounting.
AH
Authentication Header.
ARP
Address Resolution Protocol—A low-level TCP/IP protocol that maps a node's hardware address (called a "MAC" address) to its IP address. Defined in RFC 826. An example hardware address is 00:00:a6:00:01:ba. (The first three groups specify the manufacturer, the rest identify the host's motherboard.)
BGP
Border Gateway Protocol—While PIX Firewall does not support use of this protocol, you can set the routers on either side of the PIX Firewall to use RIP between them and then run BGP on the rest of the network before the routers.
BOOTP
Bootstrap Protocol—Lets diskless workstations boot over the network and is described in RFC 951 and RFC 1542. You can set access to this feature with the outbound and conduit commands.
CA
Certification Authority.
chargen
Character Generation—Via TCP, a service that sends a continual stream of characters until stopped by the client. Via UDP, the server sends a random number of characters each time the client sends a datagram. Defined in RFC 864.
conn
Connection slot in PIX Firewall—Refer to the xlate command page for more information.
CRL
Certificate Revocation List.
DES
Data Encryption Standard.
DNS
Domain Name System—Operates over UDP unless zone file access over TCP is required. You can permit or deny access to this feature with the conduit and outbound commands.
EGP
Exterior Gateway Protocol—While PIX Firewall does not support use of this protocol, you can set the routers on either side of the PIX Firewall to use RIP between them and then run EGP on the rest of the network before the routers.
EIGRP
Enhanced Interior Gateway Routing Protocol—While PIX Firewall does not support use of this protocol, you can set the routers on either side of the PIX Firewall to use RIP between them and then run EIGRP on the rest of the network before the routers.
ESP
Encapsulated Security Protocol. Refer to RFC 1827 for more information.
FDDI
Fiber Distributed Data Interface—Fiber optic interface.
FTP
File Transfer Protocol—You can permit or deny access to this feature with the aaa, conduit, and outbound commands.
gaddr
Global address—An address set with the global and static commands.
GRE
Generic Routing Encapsulation protocol—Commonly used with Microsoft's implementation of PPTP. You can set access to this feature with the conduit command.
HSRP
Hot-Standby Routing Protocol.
HTTP
Hypertext Transfer Protocol—The service that handles access to the World Wide Web.
IANA
Internet Assigned Number Authority—Assigns all port and protocol numbers for use on the Internet. You can view port numbers at:
http://www.isi.edu/in-notes/iana/assignments/port-numbers
You can view protocol numbers at:
http://www.isi.edu/in-notes/iana/assignments/protocol-numbers
ICMP
Internet Control Message Protocol—This protocol is commonly used with the ping command. You can view ICMP traces through the PIX Firewall with the debug trace on command. Conduits can be pinged, but statics cannot. If an internal host needs to be pinged, you can provide this access with the conduit command by opening a port just for ICMP. Refer to RFC 792 for more information.
IGMP
Internet Group Management Protocol.
IGRP
Interior Gateway Routing Protocol.
IKE
Internet Key Exchange
IKMP
Internet Key Management Protocol
IP
Internet Protocol.
IPinIP
IP-in-IP encapsulation protocol.
IPSec
IP Security Protocol efforts in the IETF (Internet Engineering Task Force).
IRC
Internet Relay Chat protocol—The protocol that lets users access chat rooms. You can permit or deny access to this service with the outbound and conduit commands.
ISAKMP
Internet Security Association and Key Management Protocol
KDC
Key Distribution Center
laddr
Local address—The address of a host on a protected interface.
MD5
Message Digest 5—An encryption standard for encrypting VPN packets. This same encryption is used with the aaa authentication console command to encrypt Telnet sessions to the console.
MIB
Management Information Base—Used with SNMP.
MTU
maximum transmission unit—The maximum number of bytes in a packet that can flow efficiently across the network with best response time. For Ethernet, the default MTU is 1500 bytes, but each network can have different values, with serial connections having the smallest values. The MTU is described in RFC 1191.
NAT
Network Address Translation.
NIC
Network Information Center.
NNTP
Network News Transfer Protocol—News reader service. You can permit or deny access to this service with the outbound and conduit commands.
NOS
Network Operating System.
NTP
Network Time Protocol—Set system clocks via the network. You can permit or deny access to this service with the outbound and conduit commands.
NVT
Network virtual terminal.
OSPF
Open Shortest Path First protocol.
PIX
Private Internet Exchange.
PAT
Port Address Translation.
PFSS
PIX Firewall Syslog Server.
PKI
Public Key Infrastructure
POP
Post Office Protocol.
PPTP
Point-to-Point Tunneling Protocol.
RADIUS
Remote Authentication Dial-In User Service—User authentication server specified with the aaa-server command.
RAS
The registration, admission, and status protocol. Provided with H.323 support.
RFC
Request For Comment—RFCs are the defacto standards of networking protocols.
RIP
Routing Information Protocol.
RPC
Remote Procedure Call—You can permit or deny access to this service with the outbound and conduit commands.
SMTP
Simple Mail Transfer Protocol—Mail service. You can permit or deny access to this service with the conduit and the fixup protocol smtp 25 command. The fixup protocol smtp command enables the Mail Guard feature. The PIX Firewall Mail Guard feature is compliant with both the RFC 1651 EHLO and RFC 821 section 4.5.1 commands.
SNMP
Simple Network Management Protocol—Set attributes with the snmp-server command.
SPI
Security parameter index—A number which, together with a destination IP address
and security protocol, uniquely identifies a particular security association.
SQL*Net
SQL*Net is a protocol Oracle uses to communicate between client and server processes. (SQL stands for Structured Query Language.) The protocol consists of different packet types that PIX Firewall handles to make the data stream appear consistent to the Oracle applications on either side of the firewall. SQL*Net is enabled with the fixup protocol sqlnet command, which is provided in the default configuration. You can also specify access to SQL*Net with the outbound and conduit commands. Refer to the outbound / apply command page for more information on the outbound command.
SYN
Synchronize sequence numbers flag in the TCP header.
TACACS+
Terminal Access Controller Access Control System Plus.
TCP
Transmission Control Protocol. Refer to RFC 793 for more information.
TFTP
Trivial File Transfer Protocol.
TripleDES
Triple Data Encryption Standard. Also known as 3DES.
uauth
User authentication.
UDP
User Datagram Protocol.
VPN
Virtual Private Network.
WWW
World Wide Web.
XDMCP
X Display Manager Control Protocol.
xlate
Translation slot in PIX Firewall.