Cisco ASA Series Firewall CLI Configuration Guide
CHAPTER 6
Getting Started with Application Layer Protocol Inspection
The following topics describe how to configure application layer protocol inspection.
• Application Layer Protocol Inspection
• Guidelines for Application Inspection
• Defaults for Application Inspection
• Configure Application Layer Protocol Inspection
• Configure Regular Expressions
• History for Application Inspection
Application Layer Protocol Inspection
Inspection engines are required for services that embed IP addressing information in the user data packet
or that open secondary channels on dynamically assigned ports. These protocols require the ASA to do
a deep packet inspection instead of passing the packet through the fast path (see the general operations
configuration guide for more information about the fast path). As a result, inspection engines can affect
overall throughput. Several common inspection engines are enabled on the ASA by default, but you
might need to enable others depending on your network.
The following topics explain application inspection in more detail.
• How Inspection Engines Work
• When to Use Application Protocol Inspection
• Inspection Policy Maps
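The following Python sketch is an added example, not part of the Cisco guide and not the ASA's implementation. It assumes FTP as the protocol (the text above names none) and uses hypothetical function names to show what an inspection engine must recover from the user data: the embedded IP address, which must be rewritten when NAT applies, and the dynamically assigned port, which defines the secondary channel to permit.

```python
import re

# FTP carries an endpoint in the payload as six decimal bytes: h1,h2,h3,h4,p1,p2
ENDPOINT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_endpoint(line):
    """Return (ip, port) embedded in a PORT command or 227 reply, else None."""
    verb = line.split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    m = ENDPOINT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed field: no secondary channel is derived from it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def rewrite_endpoint(line, nat_map):
    """Rewrite the embedded address per nat_map (real -> mapped); port unchanged."""
    ep = parse_endpoint(line)
    if ep is None or ep[0] not in nat_map:
        return line
    ip, port = ep
    fields = nat_map[ip].split(".") + [str(port // 256), str(port % 256)]
    return ENDPOINT.sub(",".join(fields), line, count=1)

def inspect(line, nat_map):
    """Return (line_to_forward, pinhole) for one control-channel line.

    pinhole is the (ip, port) of the secondary channel to allow, or None.
    """
    out = rewrite_endpoint(line.rstrip("\r\n"), nat_map)
    return out, parse_endpoint(out)

if __name__ == "__main__":
    # Constructed sample lines and addresses (RFC 1918 / RFC 5737 ranges)
    nat = {"10.1.1.5": "203.0.113.10"}
    samples = [
        "USER anonymous\r\n",
        "PORT 10,1,1,5,195,80\r\n",
        "227 Entering Passive Mode (192,0,2,20,19,137)\r\n",
        "PORT 10,1,1,5,300,1\r\n",
    ]
    for s in samples:
        print(inspect(s, nat))
```

A filter that looks only at port 21 headers sees none of this: the address and port exist only inside the payload, which is why such traffic cannot take the fast path.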
How Inspection Engines Work
As illustrated in the following figure, the ASA uses three databases for its basic operation:
• ACLs—Used for authentication and authorization of connections based on specific networks, hosts,
and services (TCP/UDP port numbers).
• Inspections—Contains a static, predefined set of application-level inspection functions.