Re: do CSA block certains applications when learning mode enable
While in learning mode, the agent is noting which applications run on the system and what those applications are allowed to do. Running the agent in learning mode for a certain amount of time allows it to learn the system's normal operating behavior and then provide security accordingly once learning mode is disabled. While in learning mode, the agent notes what applications are used to access the network and assigns those permissions automatically.
When the agent is taken out of learning mode, it will allow only those applications it previously noted to run in the manner in which they were used during the learning period. If the agent notices a new action that it has not learned taking place on the system, the agent queries the user, asking if it is okay for the application in question to access the resource in question. Once users reply to the query, the agent remembers the response and the next time the application is used, the same action is allowed or denied based on the initial response and users are not queried again.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...