Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IOS and CBAC

I have have configured the following line:

ip inspect name IOS-FW ftp

Now, CBAC is working for FTP. But what about TCP inspection. Are the timers and thresholds for half-open connections still working? Or do I have to configure the following line as well:

ip inspect name IOS-FW tcp

Thanks in advance

Edgar

1 REPLY
Cisco Employee

Re: IOS and CBAC

Inspecting FTP will ONLY inspect FTP, not other TCP packets. As a general rule you should inspect TCP and UDP packets, otherwise you won't get the advantages of CBAC with its stateful inspection of connections, etc.

85
Views
5
Helpful
1
Replies
CreatePlease login to create content