Default inspection in ASA

Unanswered Question
Aug 25th, 2009


I didnt understand the exact function of default inpsection class in ASA or fixup in PIX. ( ftp,tftp,smtp,sip etc .). Why these particular protocols are added in this class and in global policy map?

do these change ports dynamically is that the reason? What about those protocols those do not appear in this list.

It is very basic ASA conf, but still i didnt get it.

Please share the experience.

Any link on

Thanks in advance.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Tue, 08/25/2009 - 11:20

Bapat, read this link.. those defaults inspection protocols are the most common protocols that requires deep packet inspection, these are included in the default global policy.

All the rest are subject to stateful inspection through the regular stateful inspection engine also known as the fast path - see steful inspection overview on this same link to help you get a better picture.

Application layer protocol inspection

Also Jon Marshal - posted a very good answer to your question few days ago.. you may want to take a look at this as well.



This Discussion