Solved

CBAC question - Cisco IOS firewall

Posted on 2011-03-07
3
480 Views
Last Modified: 2012-05-11
A quick question, as I am little confused... CBAC:

ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall tftp
ip inspect name firewall smtp
...

What is the point in listing ALL these protocols, if we put tcp and udp at the top of the list? I assume that if I put 'inspect tcp', it will include ftp, smtp etc... ???
0
Comment
Question by:m1979
3 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 250 total points
ID: 35070012

Generically you can look at TCP or UDP, layer 4, or you can look deeper into the packet via layer 7.
So, additional deep packet inspection capabilities.  So for example, inspection of mail would allow you much more granularity inspecting the commands the mail application uses, allowing or disallowing specific mail commands or security threats  

harbor235 ;}
0
 
LVL 28

Assisted Solution

by:asavener
asavener earned 250 total points
ID: 35070027
TCP inspection simply allows the router to watch simple TCP sessions and allow the traffic back through the firewall.

For more complex protocols (such as FTP which uses secondary connectoins), or to make sure that traffic on a particular port conforms to the protocol standard (such as making sure that traffic on port 25 is SMTP), you will need to use the proper keywords.
0
 

Author Closing Comment

by:m1979
ID: 35070391
Thx
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
VPN Problems 3 52
VLAN Tag for chained network device. 11 56
SNMP v3 Encryption of encoded messages 3 32
iPad Won't Connect 16 40
While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now