CBAC/Inspect engine - Deep Packet Inspection
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2011 12:05 AM - edited 03-11-2019 01:05 PM
Can someone advise if Cisco IOS CBAC FW really does deep packet inspection. CBAC (with inspect engine configured)
does not update signature patterns as does Juniper & Check Point fw. It seems that CBAC, inspect engine is limited.
I say this because the fw's that do DI use pattern inspection, these patterns are updated daily, by subscription. As CBAC doesn't rely on pattern updates, how can it do DI (inspect packet payload not just src/dest & port info) & look for new atttck signatures?
Regards
- Labels:
-
NGFW Firewalls

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2011 12:28 AM
CBAC is an older technolgy with its successor being Zone Based Firewalls.
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
Are you looking for something to help prevent denial of service attacks, protection against worms, hackers and viruses, etc?
I suggest that you have a look at Intrusion Protection that performs deep-packet inspection to protect against these types of attacks.
If you have a valid license you can also get regular signature updates.
You can either run it on your router or you can purchase a separate hardware device.
