Solved

CBAC question - Cisco IOS firewall

Posted on 2011-03-07
Last Modified: 2012-05-11
A quick question, as I am a little confused... CBAC:

ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall tftp
ip inspect name firewall smtp
...

What is the point in listing ALL these protocols, if we put tcp and udp at the top of the list? I assume that if I put 'inspect tcp', it will include ftp, smtp etc... ???
0
Question by:m1979
3 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 250 total points
ID: 35070012

Generically you can look at TCP or UDP, layer 4, or you can look deeper into the packet via layer 7.
So, additional deep packet inspection capabilities. So for example, inspection of mail would allow you much more granularity inspecting the commands the mail application uses, allowing or disallowing specific mail commands or security threats.

harbor235 ;}
0
 
LVL 28

Assisted Solution

by:asavener
asavener earned 250 total points
ID: 35070027
TCP inspection simply allows the router to watch simple TCP sessions and allow the traffic back through the firewall.

For more complex protocols (such as FTP, which uses secondary connections), or to make sure that traffic on a particular port conforms to the protocol standard (such as making sure that traffic on port 25 is SMTP), you will need to use the proper keywords.
0
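An added illustration of the two answers above (not part of the original thread, and a toy model rather than Cisco's implementation): a minimal state table showing why generic TCP inspection permits the FTP control channel's return traffic but drops the server-initiated data connection, while FTP-aware inspection reads the PORT command and opens a matching pinhole. The class name, addresses and ports are constructed for the example.

```python
import re

# FTP active-mode command "PORT h1,h2,h3,h4,p1,p2" (RFC 959); port = p1*256 + p2
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$")

class Inspector:
    """Toy state table for illustration only; not Cisco's CBAC implementation."""

    def __init__(self, ftp_aware):
        self.ftp_aware = ftp_aware  # True models 'inspect ftp', False models 'inspect tcp' alone
        self.sessions = set()       # (inside_ip, inside_port, outside_ip, outside_port)
        self.pinholes = set()       # expected data connections: (inside_ip, inside_port, outside_ip)

    def outbound(self, src, sport, dst, dport, payload=""):
        """Inside host sends a segment: track the session, parse FTP control if enabled."""
        self.sessions.add((src, sport, dst, dport))
        m = PORT_RE.match(payload) if self.ftp_aware and dport == 21 else None
        if m:
            ip = ".".join(m.group(1, 2, 3, 4))
            port = int(m.group(5)) * 256 + int(m.group(6))
            if ip == src:  # model choice: only open a pinhole back to the requesting client
                self.pinholes.add((ip, port, dst))

    def inbound(self, src, sport, dst, dport):
        """Outside host sends a segment: permit return traffic or an expected data connection."""
        if (dst, dport, src, sport) in self.sessions:
            return True
        if (dst, dport, src) in self.pinholes:
            self.pinholes.discard((dst, dport, src))  # pinhole is single-use
            self.sessions.add((dst, dport, src, sport))
            return True
        return False

def run_active_ftp(ftp_aware):
    """Replay a constructed active-mode FTP exchange and report what the firewall permits."""
    client, server = "10.0.0.5", "203.0.113.10"  # constructed sample addresses
    fw = Inspector(ftp_aware)
    fw.outbound(client, 40000, server, 21, "PORT 10,0,0,5,195,80\r\n")  # data port 50000
    return {
        "control_reply": fw.inbound(server, 21, client, 40000),
        "data_connection": fw.inbound(server, 20, client, 50000),
        "unrelated_inbound": fw.inbound("198.51.100.7", 4444, client, 50001),
    }

if __name__ == "__main__":
    print("tcp only:", run_active_ftp(False))
    print("tcp + ftp:", run_active_ftp(True))
```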
 

Author Closing Comment

by:m1979
ID: 35070391
Thx
0
