Queries on ASA Inspection

Hi,

We have many default inspections in the ASA firewall, but I am wondering what they all mean: what each can do if configured, and what can be missed if not.

Can someone please help me understand this, and point me to a document or URL with details about it?

policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
  message-length maximum client auto
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect dns
policy-map http-mapl
 class http-mapl
  set connection advanced-options mss-map
!
service-policy global_policy global

Thanks in advance

Regards

Yogesh


Hello Yogesh,

Basically, inspection is required for protocols/services that insert IP information inside the datagram, or that open a secondary data path using dynamic ports other than the normally defined port. If inspection is enabled in these situations, the ASA is able to do a deep packet lookup, understand the packet flow, and take a decision to forward or block.

The following link provides you an insight into this:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mpc.html#wp1114851

regards

Harish

Thanks Harish.

The link provided will help in customising the MPF policies. I am very much in need of understanding what is done by each default L3/L4 inspection on the firewall.

Let me come to the point of why I am asking: last week you helped me to understand the behaviour of SQL inspection, which resets packets if the size/window goes above 16000, and to resolve the issue we needed to bypass that particular traffic flow from inspection.

Like that, I would proactively like to know the significance of each inspect, and their own features or capabilities.

  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp

Appreciate your help

Regards

Yogesh

Hello Yogesh,

Explaining all of them would require a lot of time, but I will provide you the fundamentals of why we need them!!

There are several protocols that negotiate a data channel via a control channel (like FTP), so the question is: for a firewall, how can we open this data channel dynamically without user intervention or configuration? The answer is by inspecting the control channel protocol.

Other protocols that need to open secondary channels are SIP, H.323, etc. So you will need to have their inspection as well.

Now, for protocols like TFTP and SMTP, why do we need them?

This provides granularity to our firewall rules, as the ASA will determine, based on RFC standards or custom actions, whether traffic related to a particular protocol should be allowed or not.

As an example, with the esmtp inspection the ASA will be able to allow some SMTP sessions based on specific commands, etc.

Hope this helps

Any other question? Sure. Just remember to rate all of my answers.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
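As an added illustration of the control-channel inspection Harish and Julio describe (this is a toy written for this page, not Cisco ASA code, and the thread does not describe the ASA's internal logic), the Python below models what an FTP inspection engine has to do: read the PORT command, the 227 passive reply and the 229 extended passive reply on the control connection, decode the address and port embedded in the payload, and derive the pinhole for the secondary data connection. The sample session, the addresses, and the two policy checks (rejecting a PORT/227 that names a host other than the control-channel peer, i.e. an FTP bounce, and refusing privileged ports) are assumptions of this example; they show the kind of decision an engine can only make because it parsed the payload, not necessarily what the ASA does.

```python
"""Toy model of the control-channel inspection an FTP inspect engine performs.

Added example, not Cisco ASA code. The engine watches the FTP control
connection, decodes the address and port that PORT / 227 / 229 messages embed
in the payload, and opens a temporary pinhole for the secondary data
connection. Without inspection that data connection would arrive as an
unrelated flow to a random high port and be dropped by the default policy.
"""
import re
from dataclasses import dataclass

# h1,h2,h3,h4,p1,p2 as used by PORT (RFC 959) and the 227 passive reply
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# (|||port|) as used by the 229 extended passive reply (RFC 2428)
_EPSV = re.compile(r"\(\|\|\|(\d+)\|\)")


@dataclass(frozen=True)
class Pinhole:
    proto: str
    src: str       # endpoint that will initiate the data connection
    dst: str
    dst_port: int


def _decode_hostport(text):
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 tuple in {text!r}")
    parts = [int(x) for x in m.groups()]
    if any(p > 255 for p in parts):
        raise ValueError(f"octet out of range in {text!r}")
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]


def derive_pinhole(line, direction, client_ip, server_ip):
    """Return the Pinhole a control-channel line negotiates, or None.

    direction is 'c2s' for a client command, 's2c' for a server reply.
    Raises ValueError when the embedded address does not belong to the
    sender (an FTP bounce attempt) or names a privileged port. Both checks
    are this toy's own policy, not a claim about ASA behaviour.
    """
    line = line.strip()
    hole = None
    if direction == "c2s" and line.upper().startswith("PORT "):
        ip, port = _decode_hostport(line[5:])
        if ip != client_ip:
            raise ValueError(f"PORT names {ip} but control peer is {client_ip}")
        # Active mode: the server connects back to the client's port.
        hole = Pinhole("tcp", server_ip, client_ip, port)
    elif direction == "s2c" and line.startswith("227 "):
        ip, port = _decode_hostport(line)
        if ip != server_ip:
            raise ValueError(f"227 names {ip} but control peer is {server_ip}")
        # Passive mode: the client connects to the server's advertised port.
        hole = Pinhole("tcp", client_ip, server_ip, port)
    elif direction == "s2c" and line.startswith("229 "):
        m = _EPSV.search(line)
        if m is None:
            raise ValueError(f"malformed 229 reply {line!r}")
        # Extended passive mode carries no address, so it is the server's.
        hole = Pinhole("tcp", client_ip, server_ip, int(m.group(1)))
    if hole is not None and hole.dst_port < 1024:
        raise ValueError(f"refusing data channel on privileged port {hole.dst_port}")
    return hole


def pinholes_for_session(session, client_ip, server_ip):
    """Walk a (direction, line) list; return (opened pinholes, rejected lines)."""
    opened, rejected = [], []
    for direction, line in session:
        try:
            hole = derive_pinhole(line, direction, client_ip, server_ip)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        if hole is not None:
            opened.append(hole)
    return opened, rejected


# Constructed sample control-channel exchange between a client at 10.1.1.5
# and a server at 203.0.113.10 (documentation addresses, not real hosts).
CLIENT_IP, SERVER_IP = "10.1.1.5", "203.0.113.10"
CONTROL_SESSION = [
    ("c2s", "USER alice"),
    ("s2c", "331 Password required for alice"),
    ("c2s", "PASV"),
    ("s2c", "227 Entering Passive Mode (203,0,113,10,195,80)"),  # 195*256+80 = 50000
    ("c2s", "PORT 10,1,1,5,4,1"),                                # 4*256+1 = 1025
    ("s2c", "200 PORT command successful"),
    ("c2s", "EPSV"),
    ("s2c", "229 Entering Extended Passive Mode (|||6446|)"),
    ("c2s", "PORT 192,168,9,9,0,25"),  # bounce attempt: third-party host, port 25
]

if __name__ == "__main__":
    opened, rejected = pinholes_for_session(CONTROL_SESSION, CLIENT_IP, SERVER_IP)
    for h in opened:
        print(f"open {h.proto} {h.src} -> {h.dst}:{h.dst_port}")
    for line, why in rejected:
        print(f"reject {line!r}: {why}")
```

Run stand-alone it prints three pinholes (passive 50000, active 1025, extended passive 6446) and one rejection for the PORT line that names a third-party host. The same idea is what makes the SIP, H.323, RTSP and Skinny inspections necessary: each carries the address and port of a second media or data stream inside its payload, so a firewall that does not parse the control channel cannot know which flow to admit.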