Hello everyone. Have, hopefully, a straightforward question here.
Brushing up on my ASA skills (been awhile) and have been going through my notes and just need a little clarification on some things. More or less, just want to make sure I understand a few things.
Stateful Inspection, basically is when the ASA keeps track of each connection going through it and maintaining it. Assuming the connection is allowed, the information is contained in the conn table.
Application inspection, is when we are doing deep packet inspection within certain applications? TCP, UDP, ICMP, DNS, SQLNET etc. The ASA appliance is basically making sure that the data payload within these connections is not malicious, but legit traffic.
Also, where does "inspection engine/fixup" fit into this? From what I can tell, I think it would be in the application inspection?
That pretty accurate? Or am I way off?
Thanks for your help.