Advanced Protocol Handling
Some applications require special handling by the Cisco Security Appliance application
inspection function. These types of applications typically embed IP addressing information
in the user data packet or open secondary channels on dynamically assigned ports. The
application inspection function works with NAT to help identify the location of embedded
addressing information.

In addition to identifying embedded addressing information, the application inspection
function monitors sessions to determine the port numbers for secondary channels. Many
protocols open secondary TCP or UDP ports to improve performance. The initial session on
a well-known port is used to negotiate dynamically assigned port numbers. The application
inspection function monitors these sessions, identifies the dynamic port assignments, and
permits data exchange on these ports for the duration of the specific session. Multimedia
applications and FTP applications exhibit this kind of behavior.
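
The behavior described above, modeled for FTP as an added example (it is not Cisco's implementation and not part of the original text): the inspector reads the address and port embedded in a PORT command or 227 reply, rewrites the address according to NAT, and permits the negotiated data port only while the control session lives. The class and method names, the static NAT map, the same-sender check and the sample addresses are assumptions made for illustration.

```python
import re

# Six comma-separated numbers (h1,h2,h3,h4,p1,p2): the address format carried
# in the FTP PORT command and the 227 passive-mode reply (RFC 959).
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

class FtpInspector:
    """Toy model of application inspection for an FTP control channel."""

    def __init__(self, nat_map):
        self.nat_map = nat_map   # real IP -> translated IP (assumed static NAT)
        self.pinholes = {}       # session id -> {(src_ip, real_dst_ip, dst_port)}

    def inspect(self, session, sender_ip, peer_ip, line):
        """Return the line to forward (rewritten if needed), or None to drop it."""
        if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
            return line
        m = HOSTPORT.search(line)
        if not m:
            return line
        nums = [int(g) for g in m.groups()]
        ip = ".".join(map(str, nums[:4]))
        # Conservative choice in this sketch: only honour an endpoint that is
        # the sender's own address, so no pinhole is opened toward a third host.
        if max(nums) > 255 or ip != sender_ip:
            return None
        port = nums[4] * 256 + nums[5]
        # Secondary channel: the peer may connect to the sender on this port.
        self.pinholes.setdefault(session, set()).add((peer_ip, ip, port))
        mapped = self.nat_map.get(ip, ip).split(".")
        fixed = ",".join(mapped + [str(nums[4]), str(nums[5])])
        return line[:m.start()] + fixed + line[m.end():]

    def permits(self, src_ip, dst_ip, dst_port):
        """True if a live control session negotiated this data connection."""
        return any((src_ip, dst_ip, dst_port) in p for p in self.pinholes.values())

    def close(self, session):
        """Control session ended: its dynamic ports are no longer permitted."""
        self.pinholes.pop(session, None)

# Constructed sample: inside client 10.1.1.5 is translated to 203.0.113.5.
fw = FtpInspector({"10.1.1.5": "203.0.113.5"})
print(fw.inspect("s1", "10.1.1.5", "198.51.100.20", "PORT 10,1,1,5,19,137"))
print(fw.permits("198.51.100.20", "10.1.1.5", 5001))   # port = 19*256 + 137
fw.close("s1")
print(fw.permits("198.51.100.20", "10.1.1.5", 5001))
```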