Application inspection is enabled by default for most standard well-known protocols with specific TCP or UDP
port numbers. See Table 6-2 for a complete list of supported protocols, with their respective standards
compliance enforcement. The Security Appliance can be tuned so that the inspection engine listens on
nonstandard ports. For example, the HTTP port can be changed from the standard TCP/80 to a nonstandard
TCP/8080 port. Some protocols cannot be changed; Table 6-2 identifies which protocols can be modified to
inspect nonstandard ports. The Modular Policy Framework (MPF) Command Line Interface (CLI) is used to change
the default application inspection settings for any application layer inspection (discussed further in this
chapter). The MPF is similar to the Cisco IOS Software technique called Modular QoS CLI (MQC).
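
The TCP/8080 HTTP case described above, as an added MPF configuration example that is not taken from the book. The class-map name HTTP-8080-CLASS is hypothetical, and the appliance is assumed to still have its default global_policy applied globally.

```cisco
! Added example; HTTP-8080-CLASS is a hypothetical name.
! Step 1: classify traffic on the nonstandard port.
class-map HTTP-8080-CLASS
 match port tcp eq 8080
!
! Step 2: attach the HTTP inspection engine to that class inside the
! default global policy, so TCP/80 inspection stays as it is.
policy-map global_policy
 class HTTP-8080-CLASS
  inspect http
!
! Step 3: the default policy is normally already applied globally;
! this line is only needed if it was removed.
service-policy global_policy global
!
! Verify that the engine is seeing traffic for the new class.
show service-policy inspect http
```

The same pattern applies only to engines that Table 6-2 marks as modifiable; DNS, for example, is listed with "No" in that column.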

Table 6-2. Application Inspection Engines

Application  PAT?  NAT (1-1)?  Ports Can Be Modified to Nonstandard?  Default Port                             Standards Compliance
CTIQBE       Yes   Yes         Yes                                    TCP/2748                                 -
DNS          Yes   Yes         No                                     UDP/53                                   RFC 1123
FTP          Yes   Yes         Yes                                    TCP/21                                   RFC 959
GTP          Yes   Yes         Yes                                    UDP/3386; UDP/2123                       -
H.323        Yes   Yes         Yes                                    TCP/1720; UDP/1718; UDP (RAS) 1718-1719  ITU-T H.323, H.245, H225.