Acronyms and Abbreviations

Table Of Contents

Acronyms and Abbreviations


Acronyms and Abbreviations


This appendix lists the acronyms and abbreviations used in this document. Refer to "," for information on the commands described in this section.

Table B-1 Acronyms and Abbreviations 

Acronym
Description

AAA

Authentication, Authorization, and Accounting.

AH

Authentication Header.

ARP

Address Resolution Protocol—A low-level TCP/IP protocol that maps a node's hardware address (called a "MAC" address) to its IP address. Defined in RFC 826. An example hardware address is 00:00:a6:00:01:ba. (The first three groups specify the manufacturer, the rest identify the host's motherboard.)

BGP

Border Gateway Protocol—While PIX Firewall does not support use of this protocol, you can set the routers on either side of the PIX Firewall to use RIP between them and then run BGP on the rest of the network before the routers.

BOOTP

Bootstrap Protocol—Lets diskless workstations boot over the network and is described in RFC 951 and RFC 1542. You can set access to this feature with the outbound and conduit commands.

CA

Certification Authority.

chargen

Character Generation—Via TCP, a service that sends a continual stream of characters until stopped by the client. Via UDP, the server sends a random number of characters each time the client sends a datagram. Defined in RFC 864.

conn

Connection slot in PIX Firewall—Refer to the xlate command page for more information.

CRL

Certificate Revocation List.

DES

Data Encryption Standard.

DNS

Domain Name System—Operates over UDP unless zone file access over TCP is required. You can permit or deny access to this feature with the conduit and outbound commands.

EGP

Exterior Gateway Protocol—While PIX Firewall does not support use of this protocol, you can set the routers on either side of the PIX Firewall to use RIP between them and then run EGP on the rest of the network before the routers.

EIGRP

Enhanced Interior Gateway Routing Protocol—While PIX Firewall does not support use of this protocol, you can set the routers on either side of the PIX Firewall to use RIP between them and then run EIGRP on the rest of the network before the routers.

ESP

Encapsulated Security Protocol. Refer to RFC 1827 for more information.

FDDI

Fiber Distributed Data Interface—Fiber optic interface.

FTP

File Transfer Protocol—You can permit or deny access to this feature with the aaa, conduit, and outbound commands.

gaddr

Global address—An address set with the global and static commands.

GRE

Generic Routing Encapsulation protocol—Commonly used with Microsoft's implementation of PPTP. You can set access to this feature with the conduit command.

HSRP

Hot-Standby Routing Protocol.

HTTP

Hypertext Transfer Protocol—The service that handles access to the World Wide Web.

IANA

Internet Assigned Number Authority—Assigns all port and protocol numbers for use on the Internet. You can view port numbers at:

http://www.isi.edu/in-notes/iana/assignments/port-numbers

You can view protocol numbers at:

http://www.isi.edu/in-notes/iana/assignments/protocol-numbers

ICMP

Internet Control Message Protocol—This protocol is commonly used with the ping command. You can view ICMP traces through the PIX Firewall with the debug trace on command. Conduits can be pinged, but statics cannot. If an internal host needs to be pinged, you can provide this access with the conduit command by opening a port just for ICMP. Refer to RFC 792 for more information.

IGMP

Internet Group Management Protocol.

IGRP

Interior Gateway Routing Protocol.

IKE

Internet Key Exchange

IKMP

Internet Key Management Protocol

IP

Internet Protocol.

IPinIP

IP-in-IP encapsulation protocol.

IPSec

IP Security Protocol efforts in the IETF (Internet Engineering Task Force).

IRC

Internet Relay Chat protocol—The protocol that lets users access chat rooms. You can permit or deny access to this service with the outbound and conduit commands.

ISAKMP

Internet Security Association and Key Management Protocol

KDC

Key Distribution Center

laddr

Local address—The address of a host on a protected interface.

MD5

Message Digest 5—An encryption standard for encrypting VPN packets. This same encryption is used with the aaa authentication console command to encrypt Telnet sessions to the console.

MIB

Management Information Base—Used with SNMP.

MTU

maximum transmission unit—The maximum number of bytes in a packet that can flow efficiently across the network with best response time. For Ethernet, the default MTU is 1500 bytes, but each network can have different values, with serial connections having the smallest values. The MTU is described in RFC 1191.

NAT

Network Address Translation.

NIC

Network Information Center.

NNTP

Network News Transfer Protocol—News reader service. You can permit or deny access to this service with the outbound and conduit commands.

NOS

Network Operating System.

NTP

Network Time Protocol—Set system clocks via the network. You can permit or deny access to this service with the outbound and conduit commands.

NVT

Network virtual terminal.

OSPF

Open Shortest Path First protocol.

PIX

Private Internet Exchange.

PAT

Port Address Translation.

PFSS

PIX Firewall Syslog Server.

PKI

Public Key Infrastructure

POP

Post Office Protocol.

PPTP

Point-to-Point Tunneling Protocol.

RADIUS

Remote Authentication Dial-In User Service—User authentication server specified with the aaa-server command.

RAS

The registration, admission, and status protocol. Provided with H.323 support.

RFC

Request For Comment—RFCs are the defacto standards of networking protocols.

RIP

Routing Information Protocol.

RPC

Remote Procedure Call—You can permit or deny access to this service with the outbound and conduit commands.

SMTP

Simple Mail Transfer Protocol—Mail service. You can permit or deny access to this service with the conduit and the fixup protocol smtp 25 command. The fixup protocol smtp command enables the Mail Guard feature. The PIX Firewall Mail Guard feature is compliant with both the RFC 1651 EHLO and RFC 821 section 4.5.1 commands.

SNMP

Simple Network Management Protocol—Set attributes with the snmp-server command.

SPI

Security parameter index—A number which, together with a destination IP address

and security protocol, uniquely identifies a particular security association.

SQL*Net

SQL*Net is a protocol Oracle uses to communicate between client and server processes. (SQL stands for Structured Query Language.) The protocol consists of different packet types that PIX Firewall handles to make the data stream appear consistent to the Oracle applications on either side of the firewall. SQL*Net is enabled with the fixup protocol sqlnet command, which is provided in the default configuration. You can also specify access to SQL*Net with the outbound and conduit commands. Refer to the outbound / apply command page for more information on the outbound command.

SYN

Synchronize sequence numbers flag in the TCP header.

TACACS+

Terminal Access Controller Access Control System Plus.

TCP

Transmission Control Protocol. Refer to RFC 793 for more information.

TFTP

Trivial File Transfer Protocol.

TripleDES

Triple Data Encryption Standard. Also known as 3DES.

uauth

User authentication.

UDP

User Datagram Protocol.

VPN

Virtual Private Network.

WWW

World Wide Web.

XDMCP

X Display Manager Control Protocol.

xlate

Translation slot in PIX Firewall.