application classification on PIX ver 7.0

vijay_sequeira · ‎11-07-2005

As per info availiable, PIX ver 7.0 is able to to application inspection.

Is there an equivalent command to ip nbar protocol-discovery on the pix os ver 7.0 ?

In my present scenario I am using this command on my router interface which is connected to ISP (Internet). In the future the ISP will be changed and there will be no access to the internet router (will be controlled by ISP), the connection from the router will be terminated at the pix outside interface .

present scenario

inside network --> pix -->router -->isp

future scenario

inside network-->pix -->isp

Regards

Vijay Sequeira

wyatts · ‎11-08-2005

"show service-policy global" is about as good as it gets.

Of course you can setup other service policies and different class-maps to inspect different protocols. It's not as nice as NBAR, but it may do the trick depending on what you're looking for

vijay_sequeira · ‎11-08-2005

We are currently using Nbar templates in Cacti(network graphing solution) to find out the percentage of different traffic(ftp, http etc) in the internet link.For NBAR to work we only need to enable the "ip nbar protocol discovery" on the relevant interface and the nbar queries and templates do the rest.

When we change from the current ISP to the other we will not have access to the ISP device located at our premises, The link from the device will be terminated at our fw public interface.

Regards

Vijay Sequeira