Hi all, on Cisco ASAs etc., they have a default inspection for certain traffic. Why do they have this? Does it allow you to have certain traffic types traverse the firewall without creating an access list back in, i.e. FTP etc., as it goes out on 21 and comes back in on 20?
The inspection lists perform a deeper look at traffic of certain protocols (stated in the list). They are only used once a packet has gone through the access policy, so it is not a policy that will allow traffic by default. It is to prevent things masking as something else to get through a firewall.
For example, TCP port 2000 is Skinny Protocol for use with Cisco Voice. We used this port for another application that had nothing to do with voice. Although the handshake could take place through the firewall, no traffic could be passed because the inspection map was looking at the packets expecting voice traffic and seeing something else.
You can remove certain items in the inspection list or remove the list completely. This obviously reduces the security on the device though.
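
The configuration the answer refers to, as an added example that is not part of the original posts: a typical ASA default inspection policy, followed by the commands that remove only Skinny inspection for a case like the TCP 2000 one above. The names `inspection_default` and `global_policy` are the ASA defaults; the list of inspected protocols is abbreviated here and varies by software version.

```text
! Default inspection policy as it typically appears in the running config
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect skinny
  inspect sip
  ! ... remaining default protocols omitted ...
!
service-policy global_policy global

! Confirm what is being inspected and whether packets are being dropped
show running-config policy-map
show service-policy

! Remove only Skinny inspection, leaving the other protocols inspected
configure terminal
 policy-map global_policy
  class inspection_default
   no inspect skinny
 end

! Verify that the skinny line is gone and the other inspections remain
show running-config policy-map
```

Removing a single `inspect` line keeps the rest of the default inspections in place, which is a smaller reduction in security than removing the whole policy.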