Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

CBAC question - Cisco IOS firewall

Posted on 2011-03-07
3
Medium Priority
?
492 Views
Last Modified: 2012-05-11
A quick question, as I am little confused... CBAC:

ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall tftp
ip inspect name firewall smtp
...

What is the point in listing ALL these protocols, if we put tcp and udp at the top of the list? I assume that if I put 'inspect tcp', it will include ftp, smtp etc... ???
0
Comment
Question by:m1979
3 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 1000 total points
ID: 35070012

Generically you can look at TCP or UDP, layer 4, or you can look deeper into the packet via layer 7.
So, additional deep packet inspection capabilities.  So for example, inspection of mail would allow you much more granularity inspecting the commands the mail application uses, allowing or disallowing specific mail commands or security threats  

harbor235 ;}
0
 
LVL 28

Assisted Solution

by:asavener
asavener earned 1000 total points
ID: 35070027
TCP inspection simply allows the router to watch simple TCP sessions and allow the traffic back through the firewall.

For more complex protocols (such as FTP which uses secondary connectoins), or to make sure that traffic on a particular port conforms to the protocol standard (such as making sure that traffic on port 25 is SMTP), you will need to use the proper keywords.
0
 

Author Closing Comment

by:m1979
ID: 35070391
Thx
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question