Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 13 Configuring Application Protocol Inspection
Detailed Information About Inspection Engines
XDMCP Inspection Engine
Enabled by default for UDP port 177
Not Configurable
The port assignment for the X Display Manager Control Protocol (XDMCP) is not configurable.
XDMCP is a protocol that uses UDP port 177 to negotiate X sessions, which use TCP when established.
For the negotiation to succeed and an X Windows session to start, the FWSM must allow the TCP back
connection. Once XDMCP negotiates the session, a single embryonic connection is created to handle the
initial TCP connection, after which the established rule is consulted.
During the X Windows session, the manager talks to the display's Xserver on the well-known port
6000 + n. Each display has a separate connection to the Xserver as a result of the following terminal setting:
setenv DISPLAY Xserver:n
where n is the display number.
When XDMCP is used, the display is negotiated using IP addresses, which the FWSM can NAT if
needed. The XDMCP inspection engine does not support PAT.
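
The following Python example is added here for illustration and is not part of the Cisco guide or the FWSM's implementation. It parses an XDMCP Request from UDP port 177 and derives the TCP back connection (display address, port 6000 + n) that an inspecting device would have to expect. The packet layout and opcode values are taken from the XDMCP specification rather than from this page, the function names are hypothetical, and the sample packet is constructed.

```python
import ipaddress
import struct

OP_REQUEST = 7        # XDMCP Request opcode (from the XDMCP spec, not the page)
FAMILY_INTERNET = 0   # connection type for IPv4 (from the XDMCP spec)
X11_BASE_PORT = 6000  # the page's "6000 + n"

def _take(buf, off, size):
    """Return (bytes, new_offset); reject reads past the end of the packet."""
    if off + size > len(buf):
        raise ValueError("truncated XDMCP packet")
    return buf[off:off + size], off + size

def parse_request(payload):
    """Return (display_number, [IPv4 strings]) from an XDMCP Request payload."""
    hdr, off = _take(payload, 0, 6)
    version, opcode, length = struct.unpack(">HHH", hdr)
    if version != 1 or opcode != OP_REQUEST:
        raise ValueError("not an XDMCP version 1 Request")
    if length != len(payload) - 6:
        raise ValueError("length field does not match payload size")
    raw, off = _take(payload, off, 2)
    display = struct.unpack(">H", raw)[0]
    # Connection Types: one count byte, then that many 16-bit values.
    count, off = _take(payload, off, 1)
    raw, off = _take(payload, off, 2 * count[0])
    types = struct.unpack(">%dH" % count[0], raw)
    # Connection Addresses: one count byte, then length-prefixed byte strings.
    count, off = _take(payload, off, 1)
    if count[0] != len(types):
        raise ValueError("connection type and address counts differ")
    addrs = []
    for family in types:
        raw, off = _take(payload, off, 2)
        addr, off = _take(payload, off, struct.unpack(">H", raw)[0])
        if family == FAMILY_INTERNET and len(addr) == 4:
            addrs.append(str(ipaddress.IPv4Address(addr)))
    return display, addrs

def expected_back_connections(payload):
    """TCP (address, port) pairs the manager connects back to: port 6000 + n."""
    display, addrs = parse_request(payload)
    return [(addr, X11_BASE_PORT + display) for addr in addrs]

# Constructed sample: display 1 at 192.0.2.10, empty authentication fields.
SAMPLE = bytes.fromhex("0001 0007 0013 0001 01 0000 01 0004 c000020a"
                       "0000 0000 00 0000")

if __name__ == "__main__":
    print(expected_back_connections(SAMPLE))
```

The display's IP address travels inside the UDP payload, which is why an address translation device has to inspect and rewrite the Request rather than only the IP header.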