
Cisco ASA 5508-X Configuration Guide

Cisco ASA 5508-X
428 pages
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 13 Inspection of Basic Internet Protocols
Examples
The following example shows how to use a new inspection policy map in the global default
configuration:
policy-map global_policy
 class inspection_default
  no inspect dns preset_dns_map
  inspect dns new_dns_map
service-policy global_policy global
Monitoring DNS Inspection
To view information about the current DNS connections, enter the following command:
hostname# show conn
For connections using a DNS server, the source port of the connection may be replaced by the IP address
of the DNS server in the show conn command output.
A single connection is created for multiple DNS sessions, as long as they are between the same two
hosts, and the sessions have the same 5-tuple (source/destination IP address, source/destination port, and
protocol). DNS identification is tracked by app_id, and the idle timer for each app_id runs
independently.
Because the app_id expires independently, a legitimate DNS response can only pass through the security
appliance within a limited period of time and there is no resource build-up. However, when you enter the
show conn command, you see the idle timer of a DNS connection being reset by a new DNS session.
This is due to the nature of the shared DNS connection and is by design.
To display the statistics for DNS application inspection, enter the show service-policy command. The
following is sample output from the show service-policy command:
hostname# show service-policy
Interface outside:
  Service-policy: sample_policy
    Class-map: dns_port
      Inspect: dns maximum-length 1500, packet 0, drop 0, reset-drop 0
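Added example, not part of the Cisco guide: a Python parser for show service-policy output in the format shown above, which flags DNS inspection entries whose drop share is high. The second interface block and its counter values are constructed, and the 1% threshold and the drop/packet ratio are assumptions chosen for illustration.

```python
import re

# First block is the page's own sample output; the "inside" block and its
# counter values are constructed for this example.
SAMPLE = """\
hostname# show service-policy
Interface outside:
  Service-policy: sample_policy
    Class-map: dns_port
      Inspect: dns maximum-length 1500, packet 0, drop 0, reset-drop 0
Interface inside:
  Service-policy: sample_policy
    Class-map: dns_port
      Inspect: dns maximum-length 1500, packet 48210, drop 937, reset-drop 0
"""

def parse_service_policy(text):
    """Return one dict per 'Inspect:' line with its interface/policy/class context."""
    ctx, rows = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Interface "):
            ctx = {"interface": line[len("Interface "):].rstrip(":")}
        elif line.startswith("Service-policy:"):
            ctx["policy"] = line.split(":", 1)[1].strip()
        elif line.startswith("Class-map:"):
            ctx["class_map"] = line.split(":", 1)[1].strip()
        elif line.startswith("Inspect:"):
            fields = [f.strip() for f in line.split(":", 1)[1].split(",")]
            engine, _, params = fields[0].partition(" ")
            row = dict(ctx, engine=engine, params=params)
            for f in fields[1:]:
                m = re.fullmatch(r"([A-Za-z][\w-]*) (\d+)", f)
                if m:  # counters look like "drop 0"; ignore any other field
                    row[m.group(1)] = int(m.group(2))
            rows.append(row)
    return rows

def dns_drop_alerts(rows, max_ratio=0.01):
    """Flag DNS entries where (drop + reset-drop) / packet exceeds max_ratio (assumed)."""
    alerts = []
    for r in rows:
        dropped = r.get("drop", 0) + r.get("reset-drop", 0)
        total = r.get("packet", 0)
        if r["engine"] == "dns" and total and dropped / total > max_ratio:
            alerts.append((r.get("interface"), r.get("class_map"), dropped, total))
    return alerts

if __name__ == "__main__":
    for alert in dns_drop_alerts(parse_service_policy(SAMPLE)):
        print("DNS inspection drops on %s class %s: %d of %d packets" % alert)
```
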
FTP Inspection
The following sections describe the FTP inspection engine.
FTP Inspection Overview
Strict FTP
Configure FTP Inspection
Verifying and Monitoring FTP Inspection
FTP Inspection Overview
The FTP application inspection inspects the FTP sessions and performs four tasks:
Prepares dynamic secondary data connection


Cisco ASA 5508-X Specifications

General
Maximum VPN Sessions: 250
Power Supply: Internal
IPsec VPN Throughput: 250 Mbps
USB 2.0: 1
Memory: 4 GB
Flash Memory: 8 GB
AC Input: 100-240 VAC
VPN Throughput: 250 Mbps
Maximum VLANs: 100
Operating Temperature: 32 to 104°F (0 to 40°C)
Storage Temperature: -13 to 158°F (-25 to 70°C)
Ports: 8 x 1GE
Security Contexts: 2
New Connections per Second: 20,000
Management Interface: 1 x GE
Frequency: 50-60 Hz
New Sessions per Second: 20,000
Humidity: 5% to 95% non-condensing
