CBAC inspection rules can be
configured for reporting event alerts and audit trail information on a per-application-protocol basis.
How CBAC Works
The following sections highlight the fundamental concepts of how CBAC inspects packets and maintains state
information for all the connections, thereby providing intelligent filtering.
Packet Inspection
CBAC performs per-protocol inspection. Each protocol that requires inspection is individually enabled in an
inspection rule, and the rule is applied to an interface in one direction (in or out), which determines where
inspection originates. Only the specified protocols are inspected by CBAC. All other protocols continue
uninterrupted, subject to the router's other processes, for example NAT, routing, and ACLs.
Packets entering the firewall are subject to inspection only if they first pass the inbound access list at the input
interface and outbound access list at the output interface. If a packet is denied by the access list, the packet is
simply dropped without CBAC inspection performed.
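The following IOS configuration is an added example, not taken from the book, illustrating the two points above: per-protocol inspection (with the per-protocol alert and audit-trail options mentioned at the top of this page) applied to one interface in one direction, and the interplay with the interface access lists that a packet must pass before CBAC inspects it. The interface names, addresses, rule name, and ACL names are assumptions chosen for the example; 10.1.1.0/24 stands for the inside network and 203.0.113.0/24 for the outside link.

```cisco
! Added example configuration (not from the original text); names and addresses are assumed.
! Global audit trail, so every inspected session open/close is logged.
ip inspect audit-trail
!
! One inspection rule, OUTBOUND_FW, listing only the protocols CBAC should inspect.
! Everything not listed here is never inspected by CBAC; it is handled only by the ACLs below.
ip inspect name OUTBOUND_FW tcp alert on audit-trail on
ip inspect name OUTBOUND_FW udp alert on audit-trail off
ip inspect name OUTBOUND_FW ftp
ip inspect name OUTBOUND_FW http
!
! Inbound ACL on the inside interface: a packet must pass this before CBAC inspects it.
ip access-list extended INSIDE_IN
 permit ip 10.1.1.0 0.0.0.255 any
 deny   ip any any log
!
! Inbound ACL on the outside interface: static exceptions only (an SMTP server here).
! Return traffic for inspected sessions is admitted through temporary entries CBAC adds
! ahead of this ACL; unsolicited traffic from outside hits the final deny.
ip access-list extended OUTSIDE_IN
 permit tcp any host 203.0.113.10 eq 25
 deny   ip any any log
!
interface GigabitEthernet0/0
 description inside
 ip address 10.1.1.1 255.255.255.0
 ip access-group INSIDE_IN in
 ! Inspection originates here: sessions initiated by inside hosts, entering this interface.
 ip inspect OUTBOUND_FW in
!
interface GigabitEthernet0/1
 description outside
 ip address 203.0.113.1 255.255.255.0
 ip access-group OUTSIDE_IN in
```

Traffic from an inside host that is denied by INSIDE_IN is dropped at the interface and never reaches inspection, so it never creates a session entry or a temporary opening for return traffic. To confirm which sessions CBAC is tracking, use `show ip inspect sessions`; `show ip inspect config` lists the rule and the per-protocol alert and audit-trail settings in effect.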
For TCP protocol inspection, CBAC keeps track of sequence numbers in all TCP packets. Packets with sequence
numbers that are not within the expected ranges are dropped.
Timeout and Threshold Values
CBAC uses several timeout and threshold values to manage session state information.