What is appfw - IOS Firewall

The Cisco Config Manager put in the following line of config when I enabled the firewall on the Cisco 871 router.  What is appfw?  And why does CCP_LOW appear a second time - at the end of the line?  Thanks.

ip inspect name CCP_LOW appfw CCP_LOW
amigan_99Network EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CCP_LOW is just the name of the filter; you can call it whatever you like, the Config Manager calls it CCP_LOW
You will also see CCP_LOW referenced lower in the config where the rules you created in the Config Manager are defined

appfw is Application Firewall - more on appfw here: http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/ht_fw_im.html

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
amigan_99Network EngineerAuthor Commented:
Well now I see my confusion.  appfw is only mentioned once in the config and that's in the line
"ip inspect name CCP_LOW appfw CCP_LOW"

CCP_LOW only shows up one other place - on the outside interface config.  "ip inspect CCP_LOW out".

Looks like something did not go in right.

amigan_99Network EngineerAuthor Commented:
Great - thanks for the timely reply.
Maybe you turned on the firewall but did not define any rules yet? That might account for the behavior you are describing.
amigan_99Network EngineerAuthor Commented:
The Config Manager appears to not be working from outside although I can ssh ok to the box.  

If I add some lines like

ip inspect name CCP_LOW tftp
ip inspect name CCP_LOW tcp

...should that do the trick for permitting back reply traffic?  The Config Manage added an ACL to the outside
interface which essentially blocks all inbound traffic including response traffic.  Thanks.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.