25-2
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 25 Configuring Application Layer Protocol Inspection
• RADIUS Accounting Inspection, page 25-59
• RSH Inspection, page 25-60
• RTSP Inspection, page 25-60
• SIP Inspection, page 25-61
• Skinny (SCCP) Inspection, page 25-67
• SMTP and Extended SMTP Inspection, page 25-71
• SNMP Inspection, page 25-72
• SQL*Net Inspection, page 25-73
• Sun RPC Inspection, page 25-73
• TFTP Inspection, page 25-76
• XDMCP Inspection, page 25-76
Inspection Engine Overview
This section includes the following topics:
• When to Use Application Protocol Inspection, page 25-2
• Inspection Limitations, page 25-2
• Default Inspection Policy, page 25-3
When to Use Application Protocol Inspection
When a user establishes a connection, the security appliance checks the packet against access lists, creates an address translation, and creates an entry for the session in the fast path, so that further packets can bypass time-consuming checks. However, the fast path relies on predictable port numbers and does not perform address translations inside a packet.

Many protocols open secondary TCP or UDP ports. The initial session on a well-known port is used to negotiate dynamically assigned port numbers.

Other applications embed an IP address in the packet that needs to match the source address that is normally translated when it goes through the security appliance.

If you use applications like these, then you need to enable application inspection.

When you enable application inspection for a service that embeds IP addresses, the security appliance translates embedded addresses and updates any checksum or other fields that are affected by the translation.

When you enable application inspection for a service that uses dynamically assigned ports, the security appliance monitors sessions to identify the dynamic port assignments, and permits data exchange on these ports for the duration of the specific session.
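The two mechanisms just described (rewriting an embedded address and opening a pinhole for a negotiated port, scoped to the control session) can be seen end to end in a small model. The following is an added example, not code from the Cisco guide and not a description of the appliance's internal implementation: it uses the FTP PORT command as the textbook case of a protocol that embeds the client's address and announces a dynamic data port. The addresses are constructed, the RFC 1071 one's-complement sum stands in for the TCP checksum the appliance recomputes, and the choice to drop a PORT command whose embedded address does not match the session's own source is this model's policy, not something the page states about the appliance.

```python
# Added example (not from the Cisco guide): a toy inspection engine for the
# FTP PORT command, chosen as the classic protocol that both embeds an IP
# address in the payload and negotiates a dynamic data port.
import re
from dataclasses import dataclass, field

# PORT h1,h2,h3,h4,p1,p2  ->  address h1.h2.h3.h4, port p1*256 + p2 (RFC 959)
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$"
)


@dataclass
class ControlSession:
    """One inspected control connection and the pinholes it has opened."""
    inside_addr: str          # real (untranslated) client address
    translated_addr: str      # address the outside sees after NAT
    server_addr: str
    pinholes: set = field(default_factory=set)  # (addr, port) the fast path may admit


def parse_port_command(line: str):
    """Return (ip, port) embedded in a PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if m is None:
        return None
    g = [int(x) for x in m.groups()]
    if any(v > 255 for v in g):          # malformed octet or port byte
        return None
    return ".".join(str(v) for v in g[:4]), g[4] * 256 + g[5]


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; stands in for the TCP checksum that
    must be recomputed after the payload is rewritten."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def inspect_outbound(session: ControlSession, payload: str) -> tuple:
    """Inspect one outbound control-channel line.

    Returns (rewritten_payload, checksum). For a PORT command whose embedded
    address matches the session's own inside address, the address is rewritten
    to the translated one and a pinhole is opened for the announced data port.
    A PORT naming some other address is not trusted and is dropped (None, None).
    Non-PORT lines pass through untouched with their checksum.
    """
    parsed = parse_port_command(payload)
    if parsed is None:
        return payload, internet_checksum(payload.encode())
    ip, port = parsed
    if ip != session.inside_addr:
        return None, None
    session.pinholes.add((session.translated_addr, port))
    octets = session.translated_addr.split(".")
    new_line = "PORT %s,%d,%d\r\n" % (",".join(octets), port // 256, port % 256)
    # If the rewritten line changes length, a real engine must also adjust
    # TCP sequence/acknowledgement numbers on this connection from here on.
    return new_line, internet_checksum(new_line.encode())


def fast_path_permits(session: ControlSession, dst_addr: str, dst_port: int) -> bool:
    """Would an inbound data connection to this address/port be admitted?"""
    return (dst_addr, dst_port) in session.pinholes


def close_session(session: ControlSession) -> None:
    """Pinholes live only as long as the control session that opened them."""
    session.pinholes.clear()


def demo():
    # Constructed addresses: inside client, its NAT address, outside server.
    s = ControlSession("10.0.0.5", "203.0.113.7", "198.51.100.20")
    # Client announces 10.0.0.5:5003 (5003 = 19*256 + 139).
    rewritten, _ = inspect_outbound(s, "PORT 10,0,0,5,19,139\r\n")
    opened = fast_path_permits(s, "203.0.113.7", 5003)
    close_session(s)
    return rewritten, opened, fast_path_permits(s, "203.0.113.7", 5003)


if __name__ == "__main__":
    print(demo())
```

Running the block shows the outbound PORT line leaving with the translated address, the data port admitted while the control session lives, and the pinhole gone once the session closes, which is the behaviour the two paragraphs above describe without the fast path ever having to parse payloads itself.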
Inspection Limitations
See the following limitations for application protocol inspection: