Adaptive Security Algorithm Operation
Figure 6-5 illustrates how the stateful-inspection and appliance intelligence works in the Security Appliance.
Conceptually, three basal operational functions are performed:
Access lists: Controlling arrangement admission based on specific networks, hosts, and casework (TCP/UDP port
numbers).
Connections (xlate and conn tables): Maintaining accompaniment advice for anniversary connection. This
information is acclimated by the Adaptive Security Algorithm and cut-through proxy to finer advanced traffic
within accustomed connections.
Inspection Engine: Perform stateful analysis accompanying with application-level analysis functions. These
inspection aphorism sets are predefined to validate appliance acquiescence as per RFC and added standards and
cannot be altered.
Figure 6-5. Adaptive Security Algorithm Operations
[View abounding admeasurement image]
Figure 6-5 is numbered with the operations in the adjustment they action and are abundant as follows:
1. An admission TCP SYN packet arrives on the Security Appliance to authorize a new connection.
2. The Security Appliance checks the admission account database to actuate whether the affiliation is permitted.
The Security Appliance creates a new access in the affiliation database (XLATE and CONN tables) using
the all-important affair information.
3.
4.
3.
The Security Appliance checks the predefined aphorism sets in the analysis agent and in case of well-known
applications, added performs application-level inspection.
4.
At this point, Security Appliance makes a accommodation whether to advanced or bead the packet according to the
findings of the analysis engine. The Security Appliance assiduously the packet to the adapted destination
subject to approval from the appliance analysis engine.
5.
6. The destination arrangement responds to the antecedent appeal abiding the packet.
The Security Appliance receives the acknowledgment packet, performs the inspection, and looks up the affiliation in
the affiliation database to actuate whether the affair advice matches an absolute connection.
7.
8. The Security Appliance assiduously the packet acceptance to an absolute accustomed session.
Table 6-2 lists all the appliance protocols and capacity for which the Security Appliance provides application
layer analysis capability.