CBAC examines the transport layer, network layer, and upper-layer application-protocol information,
keeping track of the flows and the state of each session (for example, HTTP, Simple Mail Transfer Protocol
(SMTP), and FTP).
CBAC maintains state information for every connection passing through the firewall in a session table (also
called the state table). The connection information from the state table is used to make intelligent
decisions about whether packets should be permitted or denied, thereby dynamically creating temporary
openings in the firewall.
CBAC generates real-time event alerts and audit trails. Alerts and audit trail information can be configured
on a per-application protocol basis.
Upon detecting suspicious activity, the real-time event alert feature sends SYSLOG error messages to
central management consoles for notification.
Enhanced audit trail features use SYSLOG to track all network transactions, which can then be used for advanced analysis and
reporting.
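The behavior described above (per-protocol inspection entries, a session table that opens the inbound ACL only for return traffic, and alerts and audit-trail messages sent over syslog) maps onto a small set of IOS commands. The configuration below is an added example, not taken from the book; the interface names, addresses, ACL name, inspection-rule name and syslog host are assumed placeholders.

```cisco
! Constructed example (not from the book). LAN on GigabitEthernet0/0,
! Internet on GigabitEthernet0/1; addresses and names are placeholders.
!
! Audit trail is off globally by default; it is enabled per protocol in
! the inspection rule below. Real-time alerts are on by default
! ("ip inspect alert-off" would disable them globally).
no ip inspect audit-trail
!
! Inspection rule: one entry per application protocol. Alerts and audit
! trail are selected per protocol; "timeout" is the idle time before the
! session entry is removed from the state table.
ip inspect name OUTBOUND http alert on audit-trail on timeout 3600
ip inspect name OUTBOUND smtp alert on audit-trail on
ip inspect name OUTBOUND ftp alert on audit-trail on
ip inspect name OUTBOUND tcp audit-trail off
ip inspect name OUTBOUND udp timeout 30
!
! Inbound ACL on the outside interface: everything is denied unless CBAC
! has created a temporary opening for the return traffic of a session it
! tracked on the way out.
ip access-list extended OUTSIDE-IN
 permit icmp any any echo-reply
 deny   ip any any log
!
! Deliver alerts and audit-trail messages to the central console.
logging host 192.0.2.10
logging trap informational
!
interface GigabitEthernet0/0
 description LAN
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/1
 description Internet
 ip address 203.0.113.2 255.255.255.252
 ip access-group OUTSIDE-IN in
 ip inspect OUTBOUND out
```

After applying it, `show ip inspect sessions` lists the entries in the session (state) table, and `show ip inspect config` confirms which protocols have alerts and audit trail enabled. Note that the generic `tcp` and `udp` entries are the ones that keep the state table populated for protocols not named explicitly, so the per-protocol `alert` and `audit-trail` settings only take effect for traffic matched by the more specific entries.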
Note
CBAC is being replaced with the new ZFW configuration model in the new Cisco IOS Software releases.
ZFW will also be covered in this chapter. All new features will be offered in the new ZFW configuration
model. There is no end-of-life plan (as of this writing) for CBAC, but there will be no new features added
into CBAC.