A number of applications use multiple ports to exchange data. You are surely familiar with HTTP, which uses TCP port 80. The client transmits data from a randomly chosen high (ephemeral) port to the HTTP server's port 80, and the server sends its replies from port 80 back to whatever ephemeral port the client initiated the connection from. A single session, a single pair of ports: that is the easy case. Applications such as FTP and H.323, however, use more than one port. One port carries a control channel, and a separate port carries a data channel, and the data port is often negotiated inside the control channel rather than fixed in advance. To further complicate matters, some applications redirect the user to an entirely different IP address for the data connection, or to an entirely different port to set up the control channel. Multiple protocols might also be used together, each with multiple data channels. A firewall that merely matches static port numbers cannot open these secondary channels safely; it must understand the application well enough to learn which address and port the data channel will use. That is exactly what CBAC does: it inspects and monitors session traffic, including the application-layer exchange, and tracks the resulting state so that only the negotiated return and data channels are permitted.
Protocols Supported by CBAC

CBAC must be told which protocols and applications to inspect. Anything you do not specify is simply not inspected. For example, if you configure CBAC inspection for SMTP but not for generic TCP, CBAC inspects SMTP sessions only; other TCP sessions pass through uninspected. For traffic it does not inspect, CBAC creates no state table entries and no dynamic ACEs, so the return traffic of those sessions is judged solely by the static access list on the interface it arrives on, and is typically dropped. If you configure CBAC to inspect generic TCP or UDP, all single-channel TCP or UDP sessions are tracked, but only at the transport layer: CBAC will not parse the application exchange to discover negotiated data channels. CBAC can also inspect specific application layer protocols, including some multichannel protocols, and this is what allows it to open the data channel of FTP or H.323 sessions. Currently, CBAC inspects the following protocols in addition to generic TCP and UDP:
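The following is an added example of the configuration the passage above describes; it is not taken from the original text or from Cisco's documentation. It shows a CBAC inspection rule that names the protocols to inspect, applied inbound on the inside interface, paired with a static access list on the outside interface that blocks unsolicited inbound traffic. The rule name INSPECT_OUT, the access list number 101 and the interface names are assumptions for illustration. Note the caveat from the text: if only the `smtp` and `ftp` lines were present, a generic TCP session such as SSH to an outside host would get no state entry and its return traffic would be dropped by access list 101; and if `ftp` were replaced by generic `tcp`, the control channel would be tracked but an active-mode data connection initiated by the server to a negotiated client port would not be opened.

```cisco
! Added example (not from the original text). Names, numbers and
! interfaces are assumptions chosen for illustration.
!
! Inspection rule: only the protocols listed here are inspected.
! Application-layer inspection (smtp, ftp, h323) lets CBAC read the
! control channel and open the negotiated data channel.
ip inspect name INSPECT_OUT smtp
ip inspect name INSPECT_OUT ftp
ip inspect name INSPECT_OUT h323
!
! Generic single-channel inspection. Without these two lines, TCP or
! UDP sessions that are not one of the application protocols above
! get no state-table entry and no dynamic ACE, so their return
! traffic is judged only by access list 101 below and is dropped.
ip inspect name INSPECT_OUT tcp
ip inspect name INSPECT_OUT udp
!
! Static ACL for the outside interface. Put any permits for traffic
! that legitimately originates outside (for example to a published
! mail server) above the final deny. CBAC inserts temporary ACEs for
! the return and data channels of inspected sessions ahead of this list.
access-list 101 deny ip any any log
!
interface FastEthernet0/0
 description Inside (trusted) network
 ! Inspect sessions as they are initiated from the inside
 ip inspect INSPECT_OUT in
!
interface FastEthernet0/1
 description Outside (untrusted) network
 ! Block unsolicited inbound traffic; CBAC opens what it has inspected
 ip access-group 101 in
```

To confirm which protocols the rule actually covers, use `show ip inspect config`; to see the sessions CBAC is currently tracking, and therefore the return paths it has opened, use `show ip inspect sessions`. A session for a protocol missing from the rule will not appear there, which is the quickest way to diagnose "outbound works but replies never arrive" after a CBAC deployment.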