The Fixup Protocol – Shoaib Merchant

The Fixup protocol does exactly what a set of MPF commands do. It adds the stateful inspection feature for the specified protocol to the default-inspection-traffic class map referenced in the global_policy policy map. So instead of typing all the MPF commands you only need to type the fixup protocol command followed by the name of the ‘protocol’ to enable application inspection for that protocol. Below is an example which shows how ICMP inspection is added to the global_policy with the fixup command and the regular MPF commands.

It also gives you an option to change the default port number for the protocol to be inspected. In the below example, HTTP inspection will be applied to any traffic destined for port number 8080 instead of the default port number of 80.

Note: It ONLY modifies the default global_policy! If you have other policy maps applied to different interfaces, you will need to follow the MPF structure.

If you’re in for a read, the Cisco Documentation has pretty much everything you need to know about this protocol.

Source: The Fixup Protocol by

Written by Christian Nel in October 11, 2018
Tagged :

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.