Summary

Students should now have an understanding of how the PIX Security Appliance supports ACL usage. This includes understanding how to configure standard and turbo ACLs on the PIX and knowing how to use ACLs in a variety of network environments. Furthermore, they should have an understanding of ACL related topics such as filtering malicious applets and using object groups and nested object groups to simplify complex ACLs.

Students should now be able to discuss how modular policy provides greater granularity and more flexibility when configuring network policies. Students should be able to configure a class map by identifying a class and defining a class of traffic. Students should be able to configure a policy map by identifying a class and defining a policy for the class of traffic. Students should also be able to configure a service policy by identifying a policy name and applying the policy globally or to an interface.

The module included a discussion of advanced protocol handling, and how the PIX Security Appliance can be configured to support specific protocols. Among these protocols are the advanced protocols used for multimedia support, real-time streaming protocols, and the protocols required to support IP telephony. These protocols include RTP and H.323. Some of these protocols operate over two channels, each of which have different access requirements.