Chapter 25 Configuring Application Layer Protocol Inspection - Cisco PIX 500 Series Configuration Manual

Configuring Application Layer Protocol
Inspection
This chapter describes how to configure application layer protocol inspection. Inspection engines are
required for services that embed IP addressing information in the user data packet or that open secondary
channels on dynamically assigned ports. These protocols require the security appliance to do a deep
packet inspection instead of passing the packet through the fast path (see the
Overview" section on page 1-4
can affect overall throughput.
Several common inspection engines are enabled on the security appliance by default, but you might need
to enable others depending on your network. This chapter includes the following sections:
Inspection Engine Overview, page 25-2
•
–
–
–
Configuring Application Inspection, page 25-5
•
CTIQBE Inspection, page 25-10
•
• DCERPC Inspection, page 25-12
• DNS Inspection, page 25-13
ESMTP Inspection, page 25-24
•
FTP Inspection, page 25-26
•
GTP Inspection, page 25-31
•
H.323 Inspection, page 25-37
•
HTTP Inspection, page 25-44
•
Instant Messaging Inspection, page 25-48
•
• ICMP Inspection, page 25-52
• ICMP Error Inspection, page 25-52
ILS Inspection, page 25-52
•
MGCP Inspection, page 25-53
•
NetBIOS Inspection, page 25-58
•
PPTP Inspection, page 25-60
•
OL-12172-03
for more information about the fast path). As a result, inspection engines
When to Use Application Protocol Inspection, page 25-2
Inspection Limitations, page 25-3
Default Inspection Policy, page 25-3
C H A P T E R
Cisco Security Appliance Command Line Configuration Guide
25
"Stateful Inspection
25-1