IOS Firewall Feature sets & SDM

Unanswered Question
Feb 27th, 2007

Hello Everyone,

I am trying to understand the Cisco IOS firewall feature sets in regards to SDM.

As I understand it, depending on the IOS, SDM will allow you to create any customized firewall using the Cisco IOS firewall feature sets.

However, when creating basic or advanced firewall policies using SDM, is it simply using standard and extended ACLs for denied traffic and CBAC lists for the permitted traffic?

To my understanding CBAC lists examine the application layer (L7).

What I do not understand is what is being examined when CBAC lists are configured.

For example, if CBACs are configured and ip inspect ftp or ip inspect http was configured, what would the CBACs be examining for? Malformed packets? Open/close sessions, etc.? Also, where is the signature list kept to determine what to examine, if there is such? Also, what criteria are used to determine whether to drop the packets, etc.?

Any information would be greatly appreciated.

Cheers,

dominic.caron Wed, 02/28/2007 - 04:50

HTTP inspection is used to filter Java applets or URLs.

FTP inspection is used to inspect the control connection and dynamically allow the data connection back in.

If you inspect generic TCP and UDP, this is used to allow returning traffic into your network. (TCP also examines sequence numbers.)

The main use of CBAC is to allow sessions originating from the inside of your network to come back in, even if your outside ACL denies the traffic. There is no signature list; it's not an IPS.

You can usually add IPS features to your router, but you'll have to pay for a subscription. The basic IOSFW signatures are...basic.
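
A minimal IOS configuration showing the behaviour described in the reply above, added here as an example and not part of the original thread. The interface names, addresses, ACL numbers and the inspection rule name FW are assumptions chosen for illustration.

```cisco
! Constructed example: CBAC opening return paths through a deny-all outside ACL.
!
! Standard ACL 10 lists sites whose Java applets are trusted (assumed host).
access-list 10 permit host 192.0.2.10
!
! Inspection rule: generic TCP/UDP state tracking, FTP control-channel
! inspection (so the data connection is opened dynamically), and HTTP
! inspection with Java applet filtering against ACL 10.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW ftp
ip inspect name FW http java-list 10
!
! Outside ACL: nothing initiated from the outside is allowed in.
access-list 101 deny ip any any log
!
interface FastEthernet0/0
 description Inside LAN
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1
 description Outside / Internet
 ip address 203.0.113.1 255.255.255.252
 ! Static filter for traffic arriving from the outside.
 ip access-group 101 in
 ! Inspect sessions leaving through this interface; CBAC adds temporary
 ! permit entries ahead of ACL 101 for the matching return traffic only.
 ip inspect FW out
!
! Verification from exec mode:
!   show ip inspect sessions    (active sessions CBAC is tracking)
!   show ip access-lists 101    (static entries and hit counts for denied traffic)
```

With this in place, a session started from 192.168.1.0/24 gets its replies back in, while an unsolicited inbound connection matches the deny entry and is logged.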

christopher.clayden Wed, 02/28/2007 - 06:38

Thank you for the reply as it is most appreciated.

In regards to the firewall configuration with SDM, how are the firewall rule sets created? Are they simply standard and extended ACLs, including CBACs, or is there more?

Overall, will the SDM firewall features improve upon security compared to writing my own ACLs?

What are the benefits if such?

Any feedback would be greatly appreciated.

Thank you in advance,

Cheers,
