prior to version 5.3, pix firewall used the conduit and outbound commands to control connections between external and internal networks. with pix firewall version 6.0 and later, these commands continue to be supported for backward compatibility, but the access-list and access-group commands are now the preferred method of implementing this functionality.

    each conduit is a potential hole through the pix firewall and hence their use should be limited as your security policy and business needs require. when possible, make conduits more restrictive by specifying a remote source address, local destination address, and protocol.