Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ASA an "Application Firewall"

Is the Cisco ASA generally considered a screening firewall or a proxy based application firewall (http://en.wikipedia.org/wiki/Application_layer_firewall)?

Thanks,

Jack

1 REPLY
Cisco Employee

Re: Cisco ASA an "Application Firewall"

Someone could say that it is both.

In general it can firewall on a network basis. In other words it sits in the middle without intervening, it monitors connections, timeouts, ACLs, sequence number etc and blocks and allows packets.

Though for applications that use signaling protocols that actively inspected by the firewall (i.e. h323, sip) it actually proxies in the middle. Moreover, for application like ftp, http etc it also looks into the application layer and can block or allow according to protocols specific fields (website for http, file name for ftp etc).

I hope it helps.

PK

753
Views
0
Helpful
1
Replies
CreatePlease login to create content