I can't make sense of this. Here's what I have:
policy-map type inspect http test-http-inspect-map
protocol-violation action drop-connection
inspect http test-http-inspect-map
service-policy global-policy global
I'm trying to access a webserver on the "dmz" network (security-level 50) from the "outside" network (security-level 100). I can't do so until I apply an access-list. So, I allow traffic on dst port 80 from from the outside. But at that point it seems the application inspection doesn't work. To test this I telnet to port 80 from the outside host to the internal webserver and issued "post blah". I'm able to see "post blah" in a capture on the internal webserver. So, how do I properly apply application inspection and what is a good way to test it? TIA.
What protocol is port 188 using? We cannot build inspects based on protocols we don't know.
So if it one of the well known protocols then you can use the pre-defined inspections. If not thee is not much of inspecting you can do on the ASA except regular tcp inspection.
Of course for .exe etc files there are ips that can look into regex strings in the packets.
I hope it helps.