https://community.cisco.com/t5/network-security/question-about-http-inspection-on-asa/m-p/2229718#M346938 <HTML><HEAD></HEAD><BODY><P><SPAN style="background-color: #f7fafb; font-family: Arial, verdana, sans-serif; font-size: 12px;">Hello Mahesh,</SPAN></P><P></P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">If the connections is established from the Inside to Outside, the ASA will keep track of it and will permit the returning traffic.</P><P></P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">When you enable the HTTP inspection under the Global Policy, you are performing application inspection:</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 1px 0em 6px; color: #000000; font-family: Arial, Helvetica, sans-serif;">Use the HTTP inspection engine to protect against specific attacks and other threats that may be associated with HTTP traffic. HTTP inspection performs several functions:</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 1px 0em 6px; color: #000000; font-family: Arial, Helvetica, sans-serif;">•Enhanced HTTP inspection</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">•URL screening through N2H2 or Websense</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">•Java and ActiveX filtering</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">The enhanced HTTP inspection feature, can help prevent attackers from using HTTP messages for circumventing network security policy. It verifies the following for all HTTP messages:</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">•Conformance to RFC 2616</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">•Use of RFC-defined methods only.</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">•Compliance with the additional criteria.</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">-Eddy Duran</P></BODY></HTML> Sat, 06 Jul 2013 18:31:56 GMT Eddy Duran 2013-07-06T18:31:56Z https://community.cisco.com/t5/network-security/question-about-http-inspection-on-asa/m-p/2229717#M346937 <P>Hi Everyone,</P><P></P><P>Need to confirm about HTTP inspection on ASA.</P><P></P><P>When we open up any http website pages opens up and return traffic is allowed as ASA&nbsp; is statefull and remembers TCP/UDP&nbsp; session by default.</P><P></P><P>Even though HTTP is not enabled under class inspection default or under global policy.</P><P></P><P>does this mean that when we open up any website then that HTTP connection is considered normal TCP traffic thats why it is allowed even though it is </P><P>not enabled under global policy?</P><P></P><P>Secondly when we enable http under class inspection default and apply it under global policy does that mean that now we are doing layer 7 inspection?</P><P></P><P>Also does it mean that now ASA is inspecting the traffic for config rules under global service policy?</P><P></P><P>Regards</P><P></P><P>MAhesh</P> Tue, 12 Mar 2019 02:08:00 GMT https://community.cisco.com/t5/network-security/question-about-http-inspection-on-asa/m-p/2229717#M346937 mahesh18 2019-03-12T02:08:00Z https://community.cisco.com/t5/network-security/question-about-http-inspection-on-asa/m-p/2229718#M346938 <HTML><HEAD></HEAD><BODY><P><SPAN style="background-color: #f7fafb; font-family: Arial, verdana, sans-serif; font-size: 12px;">Hello Mahesh,</SPAN></P><P></P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">If the connections is established from the Inside to Outside, the ASA will keep track of it and will permit the returning traffic.</P><P></P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">When you enable the HTTP inspection under the Global Policy, you are performing application inspection:</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 1px 0em 6px; color: #000000; font-family: Arial, Helvetica, sans-serif;">Use the HTTP inspection engine to protect against specific attacks and other threats that may be associated with HTTP traffic. HTTP inspection performs several functions:</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 1px 0em 6px; color: #000000; font-family: Arial, Helvetica, sans-serif;">•Enhanced HTTP inspection</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">•URL screening through N2H2 or Websense</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">•Java and ActiveX filtering</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">The enhanced HTTP inspection feature, can help prevent attackers from using HTTP messages for circumventing network security policy. It verifies the following for all HTTP messages:</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">•Conformance to RFC 2616</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">•Use of RFC-defined methods only.</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">•Compliance with the additional criteria.</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0px 0em 7px 0.25in; color: #000000; font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">-Eddy Duran</P></BODY></HTML> Sat, 06 Jul 2013 18:31:56 GMT https://community.cisco.com/t5/network-security/question-about-http-inspection-on-asa/m-p/2229718#M346938 Eddy Duran 2013-07-06T18:31:56Z https://community.cisco.com/t5/network-security/question-about-http-inspection-on-asa/m-p/2229719#M346939 <HTML><HEAD></HEAD><BODY><P>Hello Mahesh,</P><P></P><P>Just to add something to the great answer Eddy provided,</P><P></P><P>The ASA will start logging the websites you access when you have the HTTP inspection.</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 11.818181991577148px; list-style: none; font-family: Arial, verdana, sans-serif;"><STRONG>does this mean that when we open up any website then that HTTP connection is considered normal TCP traffic thats why it is allowed even though it is</STRONG></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 11.818181991577148px; list-style: none; font-family: Arial, verdana, sans-serif;"><STRONG>not enabled under global policy?</STRONG></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 11.818181991577148px; list-style: none; font-family: Arial, verdana, sans-serif; min-height: 8pt; height: 8pt;"> Exactly, regular TCP session inspection</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 11.818181991577148px; list-style: none; font-family: Arial, verdana, sans-serif; min-height: 8pt; height: 8pt;">While adding the inspect HTTP will start looking at the content of the HTTP payload,</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 11.818181991577148px; list-style: none; font-family: Arial, verdana, sans-serif; min-height: 8pt; height: 8pt;">Regards</P><P></P><P></P><P></P><P></P><P>Remember to rate all of the helpful posts. <BR /> <BR />For this community that's as important as a thanks.</P></BODY></HTML> Sat, 06 Jul 2013 19:40:21 GMT https://community.cisco.com/t5/network-security/question-about-http-inspection-on-asa/m-p/2229719#M346939 Julio Carvajal 2013-07-06T19:40:21Z https://community.cisco.com/t5/network-security/question-about-http-inspection-on-asa/m-p/2229720#M346940 <HTML><HEAD></HEAD><BODY><P>Hi Eddy &amp; Julio,</P><P></P><P>Thanks for your answers now my doubts about HTTP are clear and i can understand the concept better.</P><P></P><P>Best regards</P><P>Mahesh</P></BODY></HTML> Sun, 07 Jul 2013 14:53:36 GMT https://community.cisco.com/t5/network-security/question-about-http-inspection-on-asa/m-p/2229720#M346940 mahesh18 2013-07-07T14:53:36Z