Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1534
Views
0
Helpful
2
Replies

fwsm stateful inspection

ppalmerjr
Level 1
Level 1

‎01-29-2010 05:33 PM - edited ‎03-09-2019 10:48 PM

It is clear that the FWSM is a stateful firewall but I'm confused when it comes to the inspect statements.  Is the FWSM still a stateful device if there are no inspect statements in the global inspection policy?  I'm confused as to why you cannot inspect https traffic.

Basically is there any reason for the response HTTPS traffic to be blocked

REQUEST

server (inside) makes https(443) request to outside---> permit ip any any outbound --> server (ouside) responds (random port) ---> no acl needed inbound because FW is stateful....right???

Thanks in advance for clarification on this as I'm having trouble finding a straight answer on this.

Labels:
0 Helpful
2 Replies 2

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎01-31-2010 07:18 AM 

It is clear that the FWSM is a
stateful firewall but I'm confused when it comes to the inspect
statements.  Is the FWSM still a stateful device if there are no
inspect statements in the global inspection policy?  I'm confused as to
why you cannot inspect https traffic. 
Basically is there any reason for the response HTTPS traffic to be blocked
REQUEST
server
(inside) makes https(443) request to outside---> permit ip any any
outbound --> server (ouside) responds (random port) ---> no acl
needed inbound because FW is stateful....right???
Thanks in advance for clarification on this as I'm having trouble finding a straight answer on this.

Hi,

Multiple vulnerabilities exist in the Cisco Firewall Services Module       (FWSM). These vulnerabilities occur in the processing of specific Hypertext       Transfer Protocol (HTTP), Secure HTTP (HTTPS), Session Initiation Protocol       (SIP), and Simple Network Management Protocol (SNMP) traffic. All of these vulnerabilities may result       in a reload of the device.

Check out the belwo link hope that clears out your query !!

http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml

If helpful do rate

Ganesh.H

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to Ganesh Hariharan

‎01-31-2010 08:18 AM

Http inspection check protocol conformance and also can block urls etc.

Response from http/s server should be to you clients source port, not random port. Then the inspection, as long as it has seen the intial packets should not drop the response.

Check you logs to see if it dropped why it is dropped.

Also a "sh service-policy" will show you if the inspection is dropping something for http.

PK

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents