Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
Verifies that client to server MMP content lengths are not exceeded. If an entity content length is exceeded (4096), the TCP session is terminated.

Note: 4096 is the value currently used in MMP implementations.

Since MMP headers and entities can be split across packets, the security appliance buffers data to ensure consistent inspection. The SAPI (stream API) handles data buffering for pending inspection opportunities. MMP header text is treated as case insensitive and a space is present between header text and values. Reclaiming of MMP state is performed by monitoring the state of the TCP connection. Timeouts for these connections follow existing configurable values via the timeout command.

MMP inspection is disabled by default. When enabled, MMP inspection operates on TCP destination and source port 5443.
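The following Python example is added here to illustrate why the buffering described above matters; it is not Cisco code and not part of the original guide. The header name, the CRLF framing and the pending-buffer cap are assumptions made for the example, since this page does not give the MMP wire format; only the 4096 limit, the space separator and the case-insensitive match come from the text.

```python
MAX_ENTITY_LEN = 4096              # limit stated in the text above
MAX_PENDING = 4096                 # assumption: cap on buffered, unparsed header bytes
LENGTH_HEADER = b"content-length"  # assumption: hypothetical header name
END_OF_HEADERS = b"\r\n\r\n"       # assumption: hypothetical framing

class Terminate(Exception):
    """The inspected TCP session should be torn down."""

class StreamInspector:
    """Buffers client-to-server bytes so headers split across segments are seen whole."""
    def __init__(self):
        self.buf, self.entity_left = b"", 0

    def feed(self, segment):
        self.buf += segment
        while self.buf:
            if self.entity_left:   # consume entity bytes whose length already passed
                n = min(self.entity_left, len(self.buf))
                self.buf, self.entity_left = self.buf[n:], self.entity_left - n
                continue
            end = self.buf.find(END_OF_HEADERS)
            if end < 0:            # header block incomplete: keep buffering, bounded
                if len(self.buf) > MAX_PENDING:
                    raise Terminate("unterminated header block")
                return
            head, self.buf = self.buf[:end], self.buf[end + len(END_OF_HEADERS):]
            self.entity_left = self._declared_length(head)

    @staticmethod
    def _declared_length(head):
        for line in head.split(b"\r\n"):
            name, _, value = line.partition(b" ")  # space between header text and value
            if name.lower() == LENGTH_HEADER:      # header text is case insensitive
                if not value.strip().isdigit() or int(value) > MAX_ENTITY_LEN:
                    raise Terminate("malformed or oversized content length")
                return int(value)
        return 0

def verdict(segments, buffered=True):
    """Return 'terminate' or 'allow'; buffered=False inspects each segment alone."""
    shared = StreamInspector()
    try:
        for seg in segments:
            (shared if buffered else StreamInspector()).feed(seg)
    except Terminate:
        return "terminate"
    return "allow"

# Constructed sample: one oversized length declaration split across two TCP segments.
SPLIT = [b"x-sample 1\r\nCONTENT-LEN", b"GTH 5000\r\n\r\n"]
```

With the constructed `SPLIT` input, per-segment inspection never sees the complete header and allows the stream, while the buffered inspector reassembles it and terminates the session.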
Configuring MMP Inspection for a TLS Proxy
Use the Add Service Policy Rule Wizard - Rule Actions dialog box to configure MMP protocol inspection.

This wizard is available from the Configuration > Firewall > Service Policy Rules > Add > Add Service Policy Rule Wizard - Rule Actions dialog box.

Step 1 Open the Add Service Policy Rule Wizard by selecting Configuration > Firewall > Service Policy Rules > Add. Perform the steps to complete the Service Policy, Traffic Classification Criteria, and Traffic Match - Destination Port pages of the wizard. See Adding a Service Policy Rule for Through Traffic, page 22-6.
       The Add Service Policy Rule Wizard - Rule Actions dialog box opens.
Step 2 Check the MMP check box.
Step 3 Click Configure beside the MMP check box. The Configure TLS Proxy dialog box opens.
Step 4 Perform one of the following:
       Select the TLS Proxy for which you are enabling MMP protocol inspection.
       Or
       Click Manage to create a new TLS Proxy Instance. The Configure TLS Proxy dialog box opens. See Configure TLS Proxy Pane, page 19-19.
Step 5 Click OK.
Step 6 Click Finish.
NetBIOS Inspection
NetBIOS inspection is enabled by default. The NetBIOS inspection engine translates IP addresses in the NetBIOS name service (NBNS) packets according to the security appliance NAT configuration.