
New Member

firewall

Hi all, I hear that firewalls check down to the application level. An access list can block ports, which I thought are at that level. Is there a difference?

1 REPLY
Gold

Re: firewall

TCP or UDP ports operate at L4, but firewalls (ASA or PIX) are able to inspect packets up to the application level...

It's used when common ports (TCP 80 for web browsing or TCP 21 for FTP) are used by P2P applications like Kazaa, eMule, Skype...

Administrators permit traffic from the network on port 80 (because it is used for web browsing), but TCP 80 can also be misused by P2P applications.

With an access list you cannot see what traffic flows on port 80. The ACL only looks at the destination port: it's TCP 80, OK, it's permitted and access is allowed. BUT with application inspection the firewall is able to look deeper inside the packet and see that there are no HTTP commands inside the packet (CONNECT command, DISCONNECT command, GET command, HEAD command etc.), so the firewall is able to recognize non-HTTP (non-FTP) traffic on port 80 (21) and deny such malicious traffic.

M.

Hope that helps, rate if it does.
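The difference the reply describes, as an added illustration that is not part of the original thread and not Cisco's inspection engine: an ACL decides on the destination port alone, while application inspection also checks that the first client bytes on port 80 or 21 look like HTTP or FTP. The sample flows, port set and request-line patterns are constructed for this example.

```python
import re

# Standard HTTP/1.x request methods (RFC 9110 plus PATCH); constructed allow-list
# for this example, not the ASA/PIX inspection engine's own logic.
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH"}
HTTP_REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")
# FTP control-channel command: 3-4 letter verb, optional argument, CRLF (RFC 959).
FTP_COMMAND = re.compile(rb"^[A-Z]{3,4}( [^\r\n]*)?\r\n")

# Ports the (assumed) access list permits: web browsing and FTP control.
ACL_PERMITTED_PORTS = {80, 21}

def acl_decision(dst_port: int) -> str:
    """A plain access list: the destination port is all it sees."""
    return "permit" if dst_port in ACL_PERMITTED_PORTS else "deny"

def looks_like_http(payload: bytes) -> bool:
    """True if the first line is a well-formed HTTP request line with a known method."""
    m = HTTP_REQUEST_LINE.match(payload)
    return m is not None and m.group(1).decode() in HTTP_METHODS

def looks_like_ftp(payload: bytes) -> bool:
    """True if the first line is shaped like an FTP command (e.g. USER, PASS, LIST)."""
    return FTP_COMMAND.match(payload) is not None

def inspection_decision(dst_port: int, payload: bytes) -> str:
    """ACL first, then application inspection on the permitted ports."""
    if acl_decision(dst_port) == "deny":
        return "deny (acl)"
    if dst_port == 80 and not looks_like_http(payload):
        return "deny (inspect http)"   # port 80 but no HTTP command inside
    if dst_port == 21 and not looks_like_ftp(payload):
        return "deny (inspect ftp)"    # port 21 but not an FTP command
    return "permit"

# Constructed sample flows (first client bytes of each connection), not captured traffic.
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),  # real web browsing
    (80, b"\xe3\x00\x00\x00\x01\x00\x00\x00\x05\x17"),               # binary P2P-style payload
    (21, b"USER anonymous\r\n"),                                     # real FTP login
    (21, b"\x13\x00\x7f\xab\xcd"),                                   # not an FTP command
    (6881, b"GET / HTTP/1.1\r\n\r\n"),                               # HTTP on a non-permitted port
]

def classify_flows(flows=SAMPLE_FLOWS):
    """Return (port, acl verdict, inspection verdict) for each flow."""
    return [(port, acl_decision(port), inspection_decision(port, data)) for port, data in flows]

if __name__ == "__main__":
    for port, acl, insp in classify_flows():
        print(f"dst port {port:5d}: acl={acl:6s} inspection={insp}")
```

The second and fourth flows are exactly the case the reply describes: the ACL permits them because the port matches, and only the payload check catches them.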
