Solved

CBAC question - Cisco IOS firewall

Posted on 2011-03-07
3
488 Views
Last Modified: 2012-05-11
A quick question, as I am little confused... CBAC:

ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall tftp
ip inspect name firewall smtp
...

What is the point in listing ALL these protocols, if we put tcp and udp at the top of the list? I assume that if I put 'inspect tcp', it will include ftp, smtp etc... ???
0
Comment
Question by:m1979
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 250 total points
ID: 35070012

Generically you can look at TCP or UDP, layer 4, or you can look deeper into the packet via layer 7.
So, additional deep packet inspection capabilities.  So for example, inspection of mail would allow you much more granularity inspecting the commands the mail application uses, allowing or disallowing specific mail commands or security threats  

harbor235 ;}
0
 
LVL 28

Assisted Solution

by:asavener
asavener earned 250 total points
ID: 35070027
TCP inspection simply allows the router to watch simple TCP sessions and allow the traffic back through the firewall.

For more complex protocols (such as FTP which uses secondary connectoins), or to make sure that traffic on a particular port conforms to the protocol standard (such as making sure that traffic on port 25 is SMTP), you will need to use the proper keywords.
0
 

Author Closing Comment

by:m1979
ID: 35070391
Thx
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question