TAILIEUCHUNG - Configuring Application Inspection (Fixup)

The Adaptive Security Algorithm (ASA), used by the PIX Firewall for stateful application inspection, ensures the secure use of applications and services. Some applications require special handling by the PIX Firewall application inspection function. Applications that require special application inspection functions are those that embed IP addressing information in the user data packet or open secondary channels on dynamically assigned ports. | CHAPTER 4 Configuring Application Inspection Fixup This chapter describes how to use and configure application inspection which is often called fixup because you use the fixup command to configure it. This chapter includes the following sections How Application Inspection Works Using the fixup Command Basic Internet Protocols Voice Over IP Multimedia Applications Database and Directory Support Management Protocols How Application Inspection Works The Adaptive Security Algorithm ASA used by the PIX Firewall for stateful application inspection ensures the secure use of applications and services. Some applications require special handling by the PIX Firewall application inspection function. Applications that require special application inspection functions are those that embed IP addressing information in the user data packet or open secondary channels on dynamically assigned ports. The application inspection function works with NAT to help identify the location of embedded addressing information. This allows NAT to translate these embedded addresses and to update any checksum or other fields that are affected by the translation. The application inspection function also monitors sessions to determine the port numbers for secondary channels. Many protocols open secondary TCP or UDP ports to improve performance. The initial session on a well-known port is used to negotiate dynamically assigned port numbers. The application inspection function monitors these sessions identifies the dynamic port assignments and permits data exchange on these ports for the duration of the specific session. As illustrated in Figure 4-1 ASA uses three databases for its basic operation Access control lists ACLs Used for authentication and authorization of connections based on specific networks hosts and services TCP UDP port numbers . Inspections Contains a static pre-defined set of application-level inspection functions. Connections XLATE and CONN tables Maintains state and other information

• Quản trị mạng
• công nghệ thông tin
• tin học
• mạng
• internet
• quản trị mạng
• hệ điều hành
• virus
• Dự thảo về Công nghệ thông tin
• Phát triển Công nghệ thông tin
• Ngành công nghiệp công nghệ thông tin
• Mục tiêu phát triển công nghệ thông tin
• Luật công nghệ thông tin
• Quản trị dự án công nghệ thông tin
• Ý tưởng dự án công nghệ thông tin
• Hoạch đinh chiến lược
• Tổ chức dự án
• Quản trị dự án công nghệ thông tin
• Lập kế hoạch dự án
• Quy trình quản lý dự án
• Ứng dụng công nghệ thông tin
• Công nghệ thông tin trong dạy tin học
• Thiết kế bài giảng điện tử
• Kỹ thuật chèn hình
• Kỹ thuật tạo hiệu ứng
• Cách làm slide thuyết trình
• Hiệu ứng Powerpoint
• web
• quản trị mạngcông nghệ thông tin