firewall

carl_townshend
Spotlight

Hi all, I hear that firewalls check down to the application level. An access list can block ports, which I thought are at that level. Is there a difference?

1 Reply

m.sir
Level 7

TCP or UDP ports operate at L4, but firewalls (ASA or PIX) are able to inspect packets up to the application level...

It's used when common ports (TCP 80 for web browsing or TCP 21 for FTP) are used by P2P applications like Kazaa, eMule, Skype...

Administrators permit traffic from the network on port 80 (because it is used for web browsing), but TCP 80 can also be misused by P2P applications.

With an access list you cannot see what traffic flows on port 80. The ACL only looks at the destination port: it's TCP 80, OK, it's permitted and access is allowed. BUT with application inspection the firewall is able to look deeper inside the packet and see that there are no HTTP commands inside the packet (CONNECT command, DISCONNECT command, GET command, HEAD command, etc.), so the firewall is able to recognize non-HTTP (non-FTP) traffic on port 80 (21) and deny such malicious traffic.

M.

Hope that helps. Rate if it does.
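As an added illustration (not from the original post and not Cisco ASA/PIX code), here is a small Python model of the difference the answer describes: a port-only ACL check beside a simplified request-line inspection. The HTTP method list, the request-line pattern and all sample payloads are constructed for the example.

```python
import re
from dataclasses import dataclass

# Simplified model of "ACL vs application inspection" (constructed example,
# not a real firewall implementation).
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", "PATCH"}
# An HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")


@dataclass
class Packet:
    dst_port: int
    payload: bytes  # first bytes of the TCP payload


def acl_permits(pkt: Packet) -> bool:
    """Port-only ACL: anything destined to TCP 80 is permitted, whatever it carries."""
    return pkt.dst_port == 80


def looks_like_http(payload: bytes) -> bool:
    """Application inspection: the payload must begin with a valid HTTP request line."""
    m = REQUEST_LINE.match(payload)
    return m is not None and m.group(1).decode("ascii") in HTTP_METHODS


def firewall_decision(pkt: Packet) -> str:
    """ACL first, then inspection of traffic the ACL let through."""
    if not acl_permits(pkt):
        return "deny (acl)"
    if not looks_like_http(pkt.payload):
        return "deny (inspection: non-HTTP on port 80)"
    return "permit"


# Constructed sample packets: real web browsing, a P2P-style handshake and an
# SSH banner tunnelled over port 80, and a request to a port the ACL does not permit.
SAMPLES = [
    Packet(80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Packet(80, b"\x13BitTorrent protocol" + b"\x00" * 8),
    Packet(80, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Packet(443, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt.dst_port, pkt.payload[:20], "->", firewall_decision(pkt))
```

Note that `acl_permits` returns True for the two non-HTTP payloads on port 80; only `looks_like_http` tells them apart from genuine browsing.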
