I am trying to understand the Cisco IOS firewall feature sets in regards to SDM.
As I understand it, depending on the IOS, SDM will allow you to create any customized firewall using the Cisco IOS firewall feature sets.
However, when creating basic or advanced firewall policies using SDM, is it simply using standard and extended ACLs for denied traffic and CBAC lists for the permitted traffic?
To my understanding CBAC lists examine the application layer (L7).
What I do not understand is what is being examined when CBAC lists are configured.
For example, if CBACs are configured and ip inspect ftp or ip inspect http was configured, what would the CBACs be examining for? Malformed packets? Open/close sessions, etc.? Also, where is the signature list kept to determine what to examine, if there is such? Also, what criteria are used to determine to drop the packets, etc.?
Any information would be greatly appreciated.