Educause Security Discussion mailing list archives

Re: Cisco ASA Firewall Inspect Commands


From: "Consolvo, Corbett D" <cc72 () TXSTATE EDU>
Date: Wed, 22 Jul 2009 09:12:33 -0500

We turned it on and figured out we were dropping what looked to be legitimate messages.  We put in a TAC case and the 
case ended up getting closed because none of their email responses reached us (ASA was dropping them) so we never 
responded to their requests.  A little awkward.  We have left the inspection off for now and are confident in our other 
few layers of SMTP protection.  We do not do any URL filtering.
Thanks,
Corbett Consolvo
Texas State University


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dennis Bohn
Sent: Wednesday, July 22, 2009 8:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cisco ASA Firewall Inspect Commands

Hello,
We are upgrading our firewalls from PIX to ASA (8.2 code). Has anyone left the default 'inspect' commands in place?
We are particularly concerned around 'inspect esmtp' and 'inspect dns.' The old fixup smtp did not work for us; we are
wondering how the inspect esmtp command works (or not). Did anyone try it and lose email?

Though the HTTP inspect is not default, I am wondering if anyone has found it useful.  Are the regular expressions 
being used to block certain URLs?   

Also welcome hearing about any issues with the ASA 8.x code train. 

TIA,
dennis


Dennis Bohn
network manager
5168773327
