netdoc01
asked on
Cisco IOS firewall - ip inspect name OUTSIDE TCP
I am trying to make sense of the IP INSPECT statement of the Cisco IOS firewall. What does it mean when I have IP INSPECT NAME OUTSIDE TCP? or IP INSPECT NAME OUTSIDE ICMP? Does it mean that after the packet passes through the access list, it will be inspected by the IOS firewall and if the packet is not a TCP connection or an ICMP packet, the packet will be dropped? Thx
For example, if you do not include a
"IP INSPECT NAME OUTSIDE UDP"
The firewall will not take any notice of UDP packets, and just pass them straight on to the destination.
ASKER
"inspecting packets for abnormalities and/or possible attacks"
How can it determine if a packet is bad like you have mentioned above?
ASKER CERTIFIED SOLUTION
Same applies to ICMP, the firewall will inspect the packet, make sure everything looks ok in it, then pass it on.
If the packet is deemed bad, corrupt or invalid - even part of a possible attack, it will then be dropped.
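An added example, not part of the original thread: a minimal IOS (CBAC) configuration showing where the inspection rule from the question sits relative to the access list. The interface names, the ACL number 101 and the descriptions are assumptions made for illustration.

```cisco
! Inspection rule. OUTSIDE is only the rule's name; each line adds one
! protocol whose sessions the firewall tracks.
ip inspect name OUTSIDE tcp
ip inspect name OUTSIDE icmp
! No "ip inspect name OUTSIDE udp" line, so UDP sessions are not tracked.
!
! Access list for traffic arriving from the untrusted network.
! Nothing is permitted statically; inspection adds temporary entries
! ahead of this deny for the return traffic of tracked sessions.
access-list 101 deny ip any any log
!
interface FastEthernet0/0
 description inside network (assumed name)
!
interface FastEthernet0/1
 description outside network (assumed name)
 ! Filter what comes in from outside.
 ip access-group 101 in
 ! Track TCP and ICMP sessions as they leave through this interface.
 ip inspect OUTSIDE out
!
! Resulting behaviour with this configuration:
!  - TCP or ICMP started from inside: the session is tracked and its
!    replies are let back in through ACL 101 while the session is alive.
!  - UDP started from inside: the request leaves, but no session is
!    tracked, so the reply is handled by ACL 101 alone and is denied.
!  - Anything started from outside: handled by ACL 101 alone and denied.
!
! Checks to run from privileged EXEC mode:
!   show ip inspect config      ! rule contents and timeouts
!   show ip inspect interfaces  ! where the rule is applied
!   show ip inspect sessions    ! sessions currently being tracked
!   show access-lists 101       ! hit counters on the deny entry
```

Starting a TCP connection and a UDP query from an inside host, then reading `show ip inspect sessions` and the ACL 101 counters, shows which of the two is being tracked by the rule.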