08-27-2008 03:12 AM - edited 03-06-2019 01:01 AM
Hi all, after reading my firewall course notes, it says that the ASA acts as a proxy server; it says stateful inspection combines packet filtering and proxy services. Can anyone tell me what exactly it proxies? Does this mean the firewall initialises these connections, and is it only for certain applications?
08-27-2008 04:23 AM
With packet filtering, a firewall and router look at layer three IP source and destination and layer four port number TCP/UDP,
but with the firewall it goes higher than layer 3 and 4 and starts to inspect the application layer.
Stateful inspection means:
if you put deny any on the outside interface
and you have a client from the inside that opened a connection, let's say HTTP,
in normal cases, like a router with deny all on the outside interface, the packet will go out, and once it comes back from the HTTP server it will be denied because there is deny all,
while with stateful inspection on the ASA there is a table that the ASA builds, called the state table. This table keeps track of connections started from outside, then it will allow the return traffic for that connection in the state table.
Because TCP is stateful, the ASA can keep track of the SYN, SYN-ACK and TCP sequence, and at the same time the ASA does not proxy but randomizes that sequence number for security, to prevent any hacker from inserting a packet between the sequence numbers.
With UDP it uses a timer for the connection, which times out the connection if it takes a longer time.
If helpful, rate.
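An added example, not part of the original posts and not Cisco code: a toy Python model of the state table described in the answer above, for a client on the inside opening a connection through an outside interface with deny any. The class name, timer values and addresses are assumptions made for the illustration; sequence-number randomization and NAT are not modeled.

```python
# Added illustration: a toy model, not Cisco ASA code. Timer values are assumed.
class StatefulFilter:
    def __init__(self, idle_timeout=None):
        self.idle_timeout = idle_timeout or {"tcp": 3600.0, "udp": 120.0}
        self.table = {}  # (proto, in_ip, in_port, out_ip, out_port) -> entry

    def outbound(self, proto, src, sport, dst, dport, flags="", now=0.0):
        """Inside -> outside: permitted, and creates or refreshes state."""
        key = (proto, src, sport, dst, dport)
        entry = self.table.get(key)
        if entry is None:
            if proto == "tcp" and flags != "S":
                return False  # a new TCP connection must start with a SYN
            entry = self.table[key] = {"state": "SYN_SENT" if proto == "tcp" else "UDP"}
        elif entry["state"] == "SYN_RCVD" and flags == "A":
            entry["state"] = "ESTABLISHED"  # handshake completed by the client
        entry["last_seen"] = now
        return True

    def inbound(self, proto, src, sport, dst, dport, flags="", now=0.0):
        """Outside -> inside: 'deny any' unless the packet matches state."""
        key = (proto, dst, dport, src, sport)  # mirror of the outbound key
        entry = self.table.get(key)
        if entry is None:
            return False
        if now - entry["last_seen"] > self.idle_timeout[proto]:
            del self.table[key]  # idle timer expired, entry is removed
            return False
        if entry["state"] == "SYN_SENT":
            if flags != "SA":
                return False  # only a SYN-ACK may answer the client's SYN
            entry["state"] = "SYN_RCVD"
        entry["last_seen"] = now
        return True


def run_demo():
    """Constructed packets (sample addresses, not taken from the thread)."""
    fw = StatefulFilter()
    web = ("tcp", "203.0.113.10", 80, "10.0.0.5", 40000)
    out = ("tcp", "10.0.0.5", 40000, "203.0.113.10", 80)
    return [
        fw.inbound(*web, flags="SA", now=0),   # unsolicited: no state yet
        fw.outbound(*out, flags="S", now=1),   # client opens the connection
        fw.inbound(*web, flags="SA", now=2),   # return traffic matches state
        fw.outbound(*out, flags="A", now=2),
        fw.inbound(*web, flags="PA", now=3),   # data on the established flow
    ]


if __name__ == "__main__":
    print(run_demo())
```

A plain packet filter with deny any on the outside would drop all three inbound packets in the demo; the state table is what lets the second and third through.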
08-27-2008 07:21 AM
Hi there, in my Cisco training notes, it says the ASA acts as a proxy server. Why does it say that?
08-27-2008 03:09 PM
It acts like one, but not exactly,
because with NATing
the connection will appear to the outside as from the ASA, not from the client behind it.
Also, with the newer version of ASA there are caching capabilities, so it is to some extent a proxy too.
If helpful, rate.