Thanks Kings Regards Anantha Subramanian Natarajan
On Fri, Sep 24, 2010 at 1:20 AM, Kingsley Charles < [email protected]> wrote: > It seems that for some application inspections are not bidirectional. For > example the ASA applies http and ftp filtering for outbound connections and > not for > inbound. It's ASA limitation. > > > Snippet from > http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intparam.html#wp1057744 > > Inspection engines—Some application inspection engines are dependent on the > security level. For same security interfaces, inspection engines apply to > traffic in either direction. > > NetBIOS inspection engine—Applied only for outbound connections. > > SQL*Net inspection engine—If a control connection for the SQL*Net (formerly > OraServ) port exists between a pair of hosts, then only an inbound data > connection is permitted through the security appliance. > > Filtering—HTTP(S) and FTP filtering applies only for outbound connections > (from a higher level to a lower level). > > If you enable communication for same security interfaces, you can filter > traffic in either direction. > > > > With regards > > Kings > > > On Wed, Sep 22, 2010 at 10:00 PM, Anantha Subramanian Natarajan < > [email protected]> wrote: > >> Hi All, >> >> Was going through the Cisco ASA config guide and understanding that *some >> *application inspection engines are dependent on the security level.I am >> trying to understand the relation between inspection engines and the >> security-level and also why only some application inspection engine depends >> on the security level. >> >> If you could explain or point to me a proper documentation,would really >> appreciate that. >> >> Regards >> Anantha Subramanian Natarajan >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
