default inspection policy on firewalls

Unanswered Question
Jun 19th, 2008

Hi all, on Cisco ASAs etc. they have a default inspection for certain traffic. Why do they have this? Does it allow you to have certain traffic types traverse the firewall without creating an access list back in, i.e. FTP etc., as it goes out on 21 and comes back in on 20?

Wantser1981_2 Fri, 06/20/2008 - 00:39

The inspection lists perform a deeper look at traffic of certain protocols (stated in the list). They are only used once a packet has gone through the access policy, so it is not a policy that will allow traffic by default. It is to prevent things masking as something else to get through a firewall.

For example, TCP port 2000 is the Skinny protocol for use with Cisco Voice. We used this port for another application that had nothing to do with voice. Although the handshake could take place through the firewall, no traffic could be passed because the inspection map was looking at the packets expecting voice traffic and seeing something else.

You can remove certain items in the inspection list or remove the list completely. This obviously reduces the security on the device though.
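To make the reply above concrete, here is an added illustration (not posted by the author, and not a copy of any particular device's config) of what the default inspection policy looks like on an ASA and how a single inspection is removed. The class-map, policy-map and service-policy names are the ASA factory defaults; the lines after the first comment block are a constructed example of the change described in the Skinny/TCP 2000 case.

```text
! --- Default global service policy as shipped on an ASA ---
! The class matches the well-known ports of each inspected protocol;
! the policy-map lists which inspection engines run on that traffic.
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
! Applying the policy-map on every interface (the "global" keyword).
service-policy global_policy global
!
! --- Constructed example: removing only the Skinny inspection ---
! This is the change implied by the reply above when TCP/2000 carries a
! non-voice application. The other inspections stay in place.
policy-map global_policy
 class inspection_default
  no inspect skinny
!
! --- Verification (exec mode, not config) ---
! Shows the active policy per interface with per-inspection packet counts,
! so you can confirm the engine is gone and the others are still seeing hits.
show service-policy
```

Two points worth keeping in mind when reading this against the original question. First, the inspection engines run only on traffic that the interface access lists have already permitted, so the default policy does not open port 21 (or anything else) by itself. Second, for protocols that negotiate a secondary connection in-band, FTP being the classic case, the `inspect ftp` engine reads the control channel and opens the data connection dynamically, which is why the active-mode data session coming back in on port 20 works without a static access-list entry for it. Dropping an inspection therefore has two effects: you lose the protocol conformance check the reply describes, and for such protocols you also lose the dynamic pinhole, so the secondary connection would then need an explicit (and much broader) permit.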


