Educause Security Discussion mailing list archives

Re: Cisco ASA Firewall Inspect Commands


From: "Di Fabio, Andrea" <adifabio () NSU EDU>
Date: Wed, 22 Jul 2009 09:53:23 -0400

We removed the esmtp after realizing it was dropping legitimate emails left
and right even after some fine tuning of the inspect properties.  We use the
dns unmodified without any issues.


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dennis Bohn
Sent: Wednesday, July 22, 2009 9:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cisco ASA Firewall Inspect Commands

Hello,
We are upgrading our firewalls from PIX to ASA (8.2 code).  Has anyone left
the default 'inspect' commands in place?  We are particularly concerned
around 'inspect esmtp' and 'inspect dns'.  The old fixup smtp did not work
for us, so we are wondering how the inspect esmtp command works (or not).  Did
anyone try it and lose email?

Though the HTTP inspect is not default, I am wondering if anyone has found
it useful.  Are the regular expressions being used to block certain URLs?

Also welcome hearing about any issues with the ASA 8.x code train.

TIA,
dennis


Dennis Bohn
network manager
5168773327
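As an added illustration for readers of this thread (it is not configuration posted by either Andrea or Dennis), the ASA 8.2 CLI below shows the change the reply describes, removing `inspect esmtp` from the default global policy while leaving `inspect dns` in place, together with the kind of regex-based HTTP inspection the original question asks about. The class and policy names `blocked_uris`, `http_block_policy`, the `bad_uri_*` regexes and the patterns they match are hypothetical; `global_policy`, `inspection_default` and `preset_dns_map` are the names the default ASA 8.x configuration ships with. Test on a lab unit before pushing to production.

```text
! --- 1. Drop ESMTP inspection, keep DNS inspection (ASA 8.2 default policy) ---
! The shipping config applies class inspection_default inside policy-map
! global_policy on every interface via "service-policy global_policy global".
policy-map global_policy
 class inspection_default
  no inspect esmtp
! "inspect dns preset_dns_map" stays. The preset map is:
!   policy-map type inspect dns preset_dns_map
!    parameters
!     message-length maximum 512
! If large DNS replies (e.g. EDNS0/DNSSEC) ever start being dropped, raise
! "message-length maximum" in that map rather than removing DNS inspection.

! --- 2. Verify (exec mode) what is actually applied and what each inspect sees ---
show service-policy global
show service-policy inspect dns
show service-policy inspect esmtp
! After the change the esmtp line should no longer appear in the output.

! --- 3. Optional HTTP inspection with a regex URI block list (hypothetical names) ---
regex bad_uri_1 "\.exe$"
regex bad_uri_2 "/wp-login\.php"
class-map type regex match-any blocked_uris
 match regex bad_uri_1
 match regex bad_uri_2
policy-map type inspect http http_block_policy
 parameters
  protocol-violation action drop-connection log
 match request uri regex class blocked_uris
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http http_block_policy
```

The HTTP map is attached to the same `inspection_default` class as the rest of the inspects, so it applies globally; to limit it to one direction or one subnet, create a separate class-map matching an access-list and bind `inspect http http_block_policy` under that class instead. Removing `inspect esmtp` also removes the ESMTP-specific protection (command filtering, banner masking), so the mail servers behind the ASA should be hardened on their own rather than relying on the firewall for that.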

