On Wed, Jan 20, 2010 at 9:24 PM, faisal bhura <[email protected]> wrote:

> hi,
>
> 1. When you enable TCP inspection it would enable statefulness
> for all TCP traffic.
>
> When you enable TCP inspection, all TCP traffic will be inspected
> with the RFC of TCP, so if you enable inspection of TCP alone, the
> parameters inspected would be related to TCP alone, i.e. timeout, FIN wait,
> etc.
>
> Other parameters to tweak are as follows:
>
>   block-non-session   Block non-session TCP traffic
>   finwait-time        Specify timeout for TCP connections after a FIN
>   idle-time           Specify idle timeout for tcp connections
>   max-incomplete      Specify max half-open connection per host
>   reassembly          Specify parameters for Out of Order queue processing
>   synwait-time        Specify timeout for TCP connections after a SYN and no further data
>
> 2. When you enable inspection for HTTP, the traffic would be
> inspected for compliance to the RFC standard of the hypertext exchange.
>
> When you have HTTP inspection, these are the parameters that you can
> tweak.
>
> You can use an appfw to tweak the inspection of HTTP using the command:
>
>   appfw policy-name asa
>    application http
>
> These are the parameters that you can tweak under http:
>
>   audit-trail                Application HTTP audit-trail
>   content-length             Specify the range of content length
>   content-type-verification  Content-type inspection
>   default                    Set a command to its defaults
>   exit                       Exit from http-policy configuration mode
>   max-header-length          Maximum header size inspection
>   max-uri-length             Maximum URI length inspection
>   no                         Negate a command or set its defaults
>   port-misuse                HTTP port misuse inspection
>   request-method             Request method inspection
>   strict-http                Strict HTTP Compliance
>   timeout                    Application HTTP Timeout
>   transfer-encoding          Transfer Encoding inspection
>
> Hope this helps.
>
> Faisal Bhura

--
Regards
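The configuration below is an added example, not part of the original thread, showing where the TCP inspection timers and the `appfw` HTTP policy quoted above sit in a Cisco IOS firewall (CBAC) configuration and how the policy is tied to an inspection rule. The policy name `asa` comes from the message; the rule name `FW`, the interface, and every numeric value are constructed for illustration and should be tuned to the traffic being protected.

```cisco
! --- Global TCP inspection parameters (values are illustrative) ---
! Drop half-open sessions that never complete the handshake
ip inspect tcp synwait-time 15
! How long to keep state after the FIN exchange
ip inspect tcp finwait-time 5
! Idle timeout for established TCP sessions
ip inspect tcp idle-time 1800
! Cap half-open connections per destination host; block-time is in minutes
ip inspect tcp max-incomplete host 50 block-time 2
!
! --- HTTP application firewall policy ---
appfw policy-name asa
 application http
  ! Reject traffic that does not comply with the HTTP RFC
  strict-http action reset alarm
  ! Bound URI and header sizes
  max-uri-length 256 action reset alarm
  max-header-length request 4096 response 4096 action reset alarm
  ! Catch non-HTTP applications tunnelled over the HTTP port
  port-misuse default action reset alarm
  ! Log policy events to syslog
  audit-trail on
!
! --- Inspection rule: stateful TCP plus HTTP with the appfw policy ---
ip inspect name FW tcp
ip inspect name FW appfw asa
ip inspect name FW http
!
! --- Apply the rule (hypothetical inside interface) ---
interface FastEthernet0/0
 ip inspect FW in
```

With `alarm` set on each HTTP check, violations are reported through syslog, which gives a record to review before relying on the `reset` action in production.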
