Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

application level checks on 1811

We have a remote 1811 router which has zone based in it. We want to check if zone based configuring is doing any check on applications & if so, which all applications.

is there any command to identify that.

TIA

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: application level checks on 1811

if you have any inspect rules for ftp traffic, then ftp inspection is happening

4 REPLIES
Cisco Employee

Re: application level checks on 1811

zone based firewall is cable of doing l7 inspection. it is capable of lot things , but do youhave any specific thing in mind that you are looking for

if it is ok you might want to paste

show run class-map

show run policy-map

show zone-pair security

so that we can check it and inform what your zone based firewall is configured for

New Member

Re: application level checks on 1811

thanks. unfortunately that device cant be accessed by me.But i have been told that it has only statements for allowing traffic from certain zones to others.

i was looking to see if there is any ftp or so application inspection on it.

but the site people tell me they dont find anything in the configurations about ftp.

So will that mean it is not doing any level 4 -7 inspection.

TIA

Cisco Employee

Re: application level checks on 1811

if you have any inspect rules for ftp traffic, then ftp inspection is happening

New Member

Re: application level checks on 1811

thanks.

similarly, on an asa, due to some previous problems, smtp inspection was turned off.

  but in the configuration, following was seen :

   policy-map type inspect esmtp smtp_map

parameters

   as the smtp inspection was already not being inspected. will the above smtp_map work or take active role & cause inspection for smtp.

service-policy does not show any smtp inspection.

is this a normal way to see this even after smtp has been turned off.

TIA

206
Views
0
Helpful
4
Replies
CreatePlease to create content