Question about CBAC

Aug 2nd, 2007

I'd like some help understanding an aspect of firewalling. I have CBAC configured on an ISR. The WAN (outside) interface is configured with an ACL that will not allow traffic to come in. CBAC's job is to allow temporary openings in this ACL for connections initiated on the LAN (inside) interface and close them when the transmission ends. So, in this case I would be configuring inspection ("ip inspect X in") on the inside interface so that traffic leaving the LAN is checked, correct?

My question is, what exactly is being inspected? I know that the inspection is happening at the application layer, but beyond that I'm not sure what the firewall is looking for. So, let's assume a telnet session is initiated inside the network to a host outside. A temporary port is opened on the external interface's ACL to allow the transmission. Now the inspection is looking at the telnet session's traffic as it enters the inside interface. What is it looking for exactly?


rochopra Thu, 08/02/2007 - 18:29

CBAC inspects protocols up to the application layer.

It can watch protocol traffic and see what dynamic ports to open for the return traffic for the protocol.

It also monitors signaling and commands for certain protocols like FTP.

Example: if a user is telnetting to a server on the Internet, then when the outbound traffic hits the Internet interface, CBAC creates a temporary opening to permit the traffic to the server. This information is maintained in the session state table. The return traffic is permitted because the session state table indicates that the inbound packets are part of the original session that was initiated by the user.

Hope this helps.
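To make the layout described in the question and the answer concrete, here is an added example IOS configuration for the setup being discussed (inspection applied inbound on the LAN interface, a blocking ACL inbound on the WAN interface). It is not from the original thread or from any Cisco document; the interface names (FastEthernet0/0 and 0/1), the inspection-rule name OUTBOUND, ACL number 110 and the addresses are assumptions chosen for illustration.

```cisco
! Added example, not from the original thread. Interface names, the rule
! name OUTBOUND, ACL 110 and all addresses are assumptions.
!
! Inspection rule: the protocols CBAC tracks. The generic tcp/udp entries
! track each session by its source/destination addresses and ports (a
! telnet session falls under "tcp"). ftp is listed separately because CBAC
! must read the control channel to learn which data-channel port to open.
ip inspect name OUTBOUND tcp
ip inspect name OUTBOUND udp
ip inspect name OUTBOUND ftp
ip inspect name OUTBOUND icmp
!
! Log session creation and teardown so the temporary openings can be seen.
ip inspect audit-trail
!
! ACL applied inbound on the WAN interface: nothing is allowed in on its
! own. CBAC inserts temporary permit entries for return traffic that
! belongs to an inspected session; everything else hits this deny.
access-list 110 deny ip any any log
!
interface FastEthernet0/0
 description WAN (outside)
 ip address 203.0.113.2 255.255.255.252
 ip access-group 110 in
!
interface FastEthernet0/1
 description LAN (inside)
 ip address 192.168.1.1 255.255.255.0
 ip inspect OUTBOUND in
```

With this in place, `show ip inspect sessions` lists the tracked sessions (the inside host, the outside server and the ports in use) and `show ip access-lists 110` shows the dynamic permit entries CBAC has added ahead of the deny; both disappear when the session closes or its idle timer expires (`ip inspect tcp idle-time` adjusts that timer for TCP). The deny entry is logged, so anything arriving on the WAN interface that is not return traffic of an inspected session shows up in the log.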
