Students should now have an understanding of how the PIX Security Appliance
supports ACL usage. This includes understanding how to configure standard and
turbo ACLs on the PIX and knowing how to use ACLs in a variety of network
environments. Furthermore, they should have an understanding of ACL related
topics such as filtering malicious applets and using object groups and nested
object groups to simplify complex ACLs.
Students should now be able to
discuss how modular policy provides greater granularity and more flexibility
when configuring network policies. Students should be able to configure a class
map by identifying a class and defining a class of traffic. Students should be
able to configure a policy map by identifying a class and defining a policy for
the class of traffic. Students should also be able to configure a service
policy by identifying a policy name and applying the policy globally or to an
interface.
The module included a discussion of advanced protocol
handling, and how the PIX Security Appliance can be configured to support
specific protocols. Among these protocols are the advanced protocols used for
multimedia support, real-time streaming protocols, and the protocols required
to support IP telephony. These protocols include RTP and H.323. Some of these
protocols operate over two channels, each of which have different access
requirements.