Cisco Support Community

Default inspection in ASA

Hi,

I didn't understand the exact function of the default inspection class in ASA, or fixup in PIX (ftp, tftp, smtp, sip, etc.). Why are these particular protocols added in this class and in the global policy map?

Do these change ports dynamically; is that the reason? What about the protocols that do not appear in this list?

It is a very basic ASA config, but I still didn't get it.

Please share the experience.

Any link on cisco.com?

Thanks in advance.

Subodh

1 REPLY

Re: Default inspection in ASA

Bapat, read this link. Those default inspection protocols are the most common protocols that require deep packet inspection; these are included in the default global policy.

All the rest are subject to stateful inspection through the regular stateful inspection engine, also known as the fast path. See the stateful inspection overview at this same link to help you get a better picture.

Application layer protocol inspection

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html

Also, Jon Marshal posted a very good answer to your question a few days ago. You may want to take a look at that as well.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&topicID=.ee6e1fa&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd2e157

Regards
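
An added illustration (not written by either poster, and not Cisco code) of why a protocol such as FTP, one of those named in the question, needs application inspection: the data-channel port is negotiated inside the control-channel payload (RFC 959), so a filter that looks only at packet headers cannot know which port to allow. `ToyFtpInspector` and its same-address check are hypothetical, and the addresses are constructed samples.

```python
import re

# RFC 959 host-port form "h1,h2,h3,h4,p1,p2", used by the PORT command
# (active mode) and by the 227 reply to PASV (passive mode).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_endpoint(line):
    """Return the (ip, port) a control-channel line negotiates, else None."""
    line = line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = HOSTPORT.search(line)
    if m is None:
        return None
    n = [int(g) for g in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(str(o) for o in n[:4]), n[4] * 256 + n[5]


class ToyFtpInspector:
    """Hypothetical model: the static rule allows only TCP/21 to the server."""

    def __init__(self, client_ip, server_ip):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.pinholes = set()  # (dst_ip, dst_port) learned from the payload

    def inspect(self, sender_ip, line):
        """Feed one control-channel line; open a pinhole if one is negotiated."""
        ep = data_endpoint(line)
        # This sketch's own policy: the advertised address must be the sender's.
        if ep and ep[0] == sender_ip:
            self.pinholes.add(ep)
        return ep

    def permits(self, dst_ip, dst_port):
        """Would a new TCP connection to dst_ip:dst_port be allowed?"""
        if (dst_ip, dst_port) == (self.server_ip, 21):
            return True
        return (dst_ip, dst_port) in self.pinholes


# Constructed sample session (documentation addresses from RFC 5737).
fw = ToyFtpInspector("192.0.2.10", "198.51.100.5")
fw.inspect("192.0.2.10", "USER anonymous")
fw.inspect("192.0.2.10", "PASV")
fw.inspect("198.51.100.5", "227 Entering Passive Mode (198,51,100,5,195,80)")
```

Without the 227 reply being read, the connection to port 50000 has no matching rule; protocols that keep to one fixed port never need this step.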
