Cisco 7604 Configuration Manual page 711

The FWSM inspects certain application-level protocols to identify the location of embedded
inspection engine
addressing information in traffic. This allows
update any checksum or other fields that are affected by the translation. Because many protocols open
secondary
the port numbers for secondary channels. The initial session on a well-known port is used to negotiate
dynamically assigned port numbers. The application inspection engine monitors these sessions,
identifies the dynamic port assignments, and permits data exchange on these ports for the duration of
the specific session. Some of the protocols that the FWSM can inspect are CTIQBE, FTP, H.323,
HTTP, MGCP, SMTP, and SNMP.
The physical connection between a particular network and a FWSM.
interface
The IP address of a FWSM network interface. Each interface IP address must be unique. Two or more
interface ip_address
interfaces must not be given the same IP address or IP addresses that are on the same IP network.
Human readable name assigned to a FWSM network interface. The inside interface default name is
interface names
"inside" and the outside interface default name is "outside." Any perimeter interface default names
are "intfn", such as intf2 for the first perimeter interface, intf3 for the second perimeter interface, and
so on to the last interface. The numbers in the intf string corresponds to the position of the interface
card in the FWSM. You can use the default names or, if you are an experienced user, give each
interface a more meaningful name. See also inside, intfn, outside.
Any interface, usually beginning with port 2, that connects to a subset network of your design that you
intfn
can custom name and configure.
The use of
interface PAT
PAT,
The global network that uses IP. Not a LAN. See also intranet.
Internet
Intranetwork. A LAN that uses IP. See also
intranet
Internet Protocol. IP protocols are the most popular nonproprietary protocols because they can be used
IP
to communicate across any set of interconnected networks and are equally well suited for
WAN
Intrusion Prevention System. An in-line, deep-packet inspection-based solution that helps mitigate a
IPS
wide range of network attacks.
An IP protocol address. A FWSM interface ip_address. IP version 4 addresses are 32 bits in length.
IP address
This address space is used to designate the network number, optional subnetwork number, and a host
number. The 32 bits are grouped into four octets (8 binary bits), represented by 4 decimal numbers
separated by periods, or dots. The meaning of each of the four octets is determined by their use in a
particular network.
A range of local IP addresses specified by a name, and a range with a starting IP address and an ending
IP pool
address. IP Pools are used by
interface.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
TCP or UDP ports, each application inspection engine also monitors sessions to determine
PAT where the PAT IP address is also the IP address of the outside interface. See
Static PAT.
communications.
DHCP
NAT to translate these embedded addresses and to
network and Internet.
and VPNs to assign local IP addresses to clients on the inside
Glossary
Dynamic
LAN and
GL-9