Cisco ASA 5506-X Configuration Manual page 129
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
Getting Started with Application Layer Protocol
Inspection
The following topics describe how to configure application layer protocol inspection.
•
•
•
•
•
•
Application Layer Protocol Inspection
Inspection engines are required for services that embed IP addressing information in the user data packet
or that open secondary channels on dynamically assigned ports. These protocols require the ASA to do
a deep packet inspection instead of passing the packet through the fast path (see the general operations
configuration guide for more information about the fast path). As a result, inspection engines can affect
overall throughput. Several common inspection engines are enabled on the ASA by default, but you
might need to enable others depending on your network.
The following topics explain application inspection in more detail.
•
•
•
How Inspection Engines Work
As illustrated in the following figure, the ASA uses three databases for its basic operation:
•
•
Application Layer Protocol Inspection, page 6-1
Guidelines for Application Inspection, page 6-5
Defaults for Application Inspection, page 6-6
Configure Application Layer Protocol Inspection, page 6-9
Configure Regular Expressions, page 6-15
History for Application Inspection, page 6-18
How Inspection Engines Work, page 6-1
When to Use Application Protocol Inspection, page 6-2
Inspection Policy Maps, page 6-3
ACLs—Used for authentication and authorization of connections based on specific networks, hosts,
and services (TCP/UDP port numbers).
Inspections—Contains a static, predefined set of application-level inspection functions.
C H A P T E R
Cisco ASA Series Firewall CLI Configuration Guide
6
6-1
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
