Chapter 25 Configuring Application Layer Protocol Inspection - Cisco FirePOWER ASA 5500 series Configuration Manual

Inspection Engine Overview
This section includes the following topics:
When to Use Application Protocol Inspection
When a user establishes a connection, the security appliance checks the packet against access lists, creates an address translation, and creates an entry for the session in the fast path, so that further packets can bypass time-consuming checks. However, the fast path relies on predictable port numbers and does not translate addresses carried inside a packet's payload.

Many protocols open secondary TCP or UDP ports. The initial session on a well-known port is used to negotiate dynamically assigned port numbers.

Other applications embed an IP address in the packet payload; that embedded address must match the source address, which is normally translated when the packet passes through the security appliance.

If you use applications like these, you need to enable application inspection.

When you enable application inspection for a service that embeds IP addresses, the security appliance translates the embedded addresses and updates any checksum or other fields that are affected by the translation.

When you enable application inspection for a service that uses dynamically assigned ports, the security appliance monitors the session to identify the dynamic port assignments, and permits data exchange on those ports for the duration of that specific session.
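The two fix-ups described above, as an added example that is not from the Cisco guide: a toy inspection engine in Python that handles one protocol which both embeds an IP address and negotiates a secondary port, the FTP PORT command (RFC 959). The NAT mapping, addresses and sample payloads are constructed; the checksum and length bookkeeping shows why the fast path alone cannot carry this traffic correctly.

```python
"""
Toy model of the two fix-ups an application-inspection engine performs:
rewriting an IP address embedded in a packet payload to its translated (NAT)
value, and opening a pinhole for the secondary port negotiated over the
control connection.

Added illustration, not Cisco code. It uses the FTP PORT command
(RFC 959, "PORT h1,h2,h3,h4,p1,p2") as the embedded-address protocol; the
NAT mapping and addresses below are constructed sample values.
"""
import re
import struct
from dataclasses import dataclass, field

# Matches one complete FTP PORT command as sent on the control channel.
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$"
)


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, the kind of checksum that must be
    recomputed once a payload has been rewritten."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class Pinhole:
    """Dynamic permit for the data connection the control channel announced."""
    proto: str
    dst_ip: str
    dst_port: int


@dataclass
class InspectionEngine:
    nat: dict                                   # inside (real) IP -> translated IP
    pinholes: list = field(default_factory=list)

    def inspect(self, payload: bytes) -> dict:
        """Inspect one control-channel payload.

        Returns the (possibly rewritten) payload plus the bookkeeping a real
        appliance needs: the byte-length change (later TCP sequence numbers
        must be adjusted by it) and the old and new payload checksums."""
        m = PORT_RE.match(payload)
        if not m:
            # Not a message carrying an address: nothing to fix up, stays on the fast path.
            return {"payload": payload, "length_delta": 0, "pinhole": None}
        octets = [o.decode() for o in m.groups()]
        inside_ip = ".".join(octets[:4])
        port = int(octets[4]) * 256 + int(octets[5])
        # Without a NAT entry the embedded address is already correct,
        # but the announced data port still needs a pinhole.
        translated = self.nat.get(inside_ip, inside_ip)
        pinhole = Pinhole("tcp", translated, port)
        self.pinholes.append(pinhole)
        rewritten = (
            f"PORT {translated.replace('.', ',')},{port // 256},{port % 256}\r\n"
        ).encode()
        return {
            "payload": rewritten,
            "length_delta": len(rewritten) - len(payload),
            "old_checksum": internet_checksum(payload),
            "new_checksum": internet_checksum(rewritten),
            "pinhole": pinhole,
        }

    def permits(self, proto: str, dst_ip: str, dst_port: int) -> bool:
        """Would a data-connection SYN to this endpoint be allowed through?"""
        return any(
            p.proto == proto and p.dst_ip == dst_ip and p.dst_port == dst_port
            for p in self.pinholes
        )


if __name__ == "__main__":
    engine = InspectionEngine(nat={"10.1.1.5": "203.0.113.9"})  # constructed mapping
    result = engine.inspect(b"PORT 10,1,1,5,4,1\r\n")  # client announces 10.1.1.5:1025
    print(result["payload"])        # b'PORT 203,0,113,9,4,1\r\n'
    print(result["length_delta"])   # 3: later sequence numbers shift by 3 bytes
    print(engine.permits("tcp", "203.0.113.9", 1025))  # True
```

The three return fields model exactly what the overview says inspection must do beyond the fast path: rewrite the embedded address, recompute checksums and track the length change, and hold a per-session permit for the negotiated port rather than opening it permanently.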
Inspection Limitations
See the following limitations for application protocol inspection:
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, Chapter 25 Configuring Application Layer Protocol Inspection, page 25-2

Chapter contents (continued from the chapter table of contents):
RADIUS Accounting Inspection, page 25-59
RSH Inspection, page 25-60
RTSP Inspection, page 25-60
SIP Inspection, page 25-61
Skinny (SCCP) Inspection, page 25-67
SMTP and Extended SMTP Inspection, page 25-71
SNMP Inspection, page 25-72
SQL*Net Inspection, page 25-73
Sun RPC Inspection, page 25-73
TFTP Inspection, page 25-76
XDMCP Inspection, page 25-76

Topics in the Inspection Engine Overview section:
When to Use Application Protocol Inspection, page 25-2
Inspection Limitations, page 25-2
Default Inspection Policy, page 25-3
This manual also applies to: Cisco PIX 500 series, Cisco ASA 5500 series