| A1:
| Answer: Fragguard mitigates IP fragmentation attacks that cause denial of service. |
| A2:
| Answer: Port 1720 |
| A3:
| Answer: The Mail Guard feature is enabled by default. If it is disabled, it can be enabled by using the fixup protocol smtp command. |
| A4:
| Answer: Some of the limitations of the application inspection for CTIQBE include 1) stateful failover of CTIQBE calls is not supported, 2) CTIQBE messages that are fragmented across multiple TCP packets are not supported 3) configurations that use the alias command (which was deprecated after the introduction of outside NAT in PIX Firewall Version 6.2) are not supported. |
| A5:
| Answer: An embryonic connection is a half-open TCP connection. |
| A6:
| Answer: alarm, drop, reset |
| A7:
| Answer: The PIX Firewall allows only a single DNS response for outgoing DNS requests. Any other responses are dropped. |
| A8:
| Answer: It provides a mechanism for checking source IP addresses before receiving or sending packets. |
| A9:
| Answer: Mail Guard allows only a restricted set of SMTP commands, namely, HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT. |
| A10:
| Answer: Use the fixup protocol mgcp 2427 and fixup protocol mgcp 2727 commands. |