Cisco Support Community
Question About HTTP inspection on ASA

Hi Everyone,

Need to confirm about HTTP inspection on ASA.

When we open up any HTTP website, the page opens up and return traffic is allowed, as the ASA is stateful and remembers TCP/UDP sessions by default, even though HTTP is not enabled under class inspection default or under global policy.

Does this mean that when we open up any website, that HTTP connection is considered normal TCP traffic, and that's why it is allowed even though it is not enabled under global policy?

Secondly, when we enable HTTP under class inspection default and apply it under global policy, does that mean that now we are doing Layer 7 inspection?

Also, does it mean that now the ASA is inspecting the traffic for config rules under the global service policy?

Regards

Mahesh

Accepted Solutions
Question About HTTP inspection on ASA

Hello Mahesh,

If the connection is established from the Inside to the Outside, the ASA will keep track of it and will permit the returning traffic.

When you enable the HTTP inspection under the Global Policy, you are performing application inspection:

Use the HTTP inspection engine to protect against specific attacks and other threats that may be associated with HTTP traffic. HTTP inspection performs several functions:

• Enhanced HTTP inspection

• URL screening through N2H2 or Websense

• Java and ActiveX filtering

The enhanced HTTP inspection feature can help prevent attackers from using HTTP messages for circumventing network security policy. It verifies the following for all HTTP messages:

• Conformance to RFC 2616

• Use of RFC-defined methods only.

• Compliance with the additional criteria.

-Eddy Duran

Question About HTTP inspection on ASA

Hello Mahesh,

Just to add something to the great answer Eddy provided,

The ASA will start logging the websites you access when you have the HTTP inspection.

"Does this mean that when we open up any website, that HTTP connection is considered normal TCP traffic, and that's why it is allowed even though it is not enabled under global policy?"

Exactly, regular TCP session inspection.

While adding the inspect HTTP will start looking at the content of the HTTP payload.

Regards

Julio Carvajal Segura
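
The difference the two answers above describe, as an added ASA configuration example that is not part of the original posts: the global policy first without and then with HTTP inspection. The inspection policy-map name HTTP_CHECK is an assumption chosen for illustration; the other names are the ASA defaults.

```cisco
! Class used by the default global policy; it matches the default
! inspection ports (TCP/80 for HTTP among them).
class-map inspection_default
 match default-inspection-traffic
!
! BEFORE: no "inspect http" under the class.
! Outbound web browsing still works: the connection is tracked as an
! ordinary TCP session and return traffic is permitted by the state table.
! The HTTP payload itself is not examined.
policy-map global_policy
 class inspection_default
!
! AFTER: application (Layer 7) inspection of HTTP.
! HTTP_CHECK is a hypothetical name. "protocol-violation action log"
! logs HTTP messages that fail the protocol conformance check, which is a
! low-risk way to see what the check would catch before choosing to drop.
policy-map type inspect http HTTP_CHECK
 parameters
  protocol-violation action log
!
policy-map global_policy
 class inspection_default
  inspect http HTTP_CHECK
!
! The policy only takes effect once it is applied; the default
! configuration applies global_policy to all interfaces.
service-policy global_policy global
!
! Verify from privileged EXEC mode that packets are hitting the engine:
!   show service-policy inspect http
```

A bare `inspect http` without a policy map enables the inspection engine with its default behaviour; the policy map is where the conformance checks and their actions are set.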
Question About HTTP inspection on ASA

Hi Eddy & Julio,

Thanks for your answers. Now my doubts about HTTP are clear and I can understand the concept better.

Best regards

Mahesh
