Can someone advise if Cisco IOS CBAC FW really does deep packet inspection. CBAC (with inspect engine configured)
does not update signature patterns as does Juniper & Check Point fw. It seems that CBAC, inspect engine is limited.
I say this because the fw's that do DI use pattern inspection, these patterns are updated daily, by subscription. As CBAC doesn't rely on pattern updates, how can it do DI (inspect packet payload not just src/dest & port info) & look for new atttck signatures?