Packet Inspection
CBAC performs per-protocol inspection. Each protocol that requires inspection is individually enabled, and an
interface and interface direction (in or out) is specified where inspection originates. Only the specified protocols
will be inspected by CBAC. All other protocols continue uninterrupted, subject to other router processes, for
example, NAT, routing, and ACLs.
Packets entering the firewall are subject to inspection only if they first pass the inbound access list at the input
interface and the outbound access list at the output interface. If a packet is denied by the access list, the packet is
simply dropped without CBAC inspection being performed.
For TCP protocol inspection, CBAC keeps track of sequence numbers in all TCP packets. Packets with sequence
numbers that are not within the expected ranges are dropped.
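
The following IOS configuration is an added example, not taken from the original page, showing per-protocol enabling, the inspection direction on an interface, and the access lists a packet must pass before CBAC inspects it. The rule name FWOUT, the ACL numbers, the interface names, and the 10.0.0.0/24 inside network are constructed for illustration.

```cisco
! Inspection rule (name FWOUT is an assumption).
! Only the protocols listed here are inspected by CBAC.
ip inspect name FWOUT tcp
ip inspect name FWOUT udp
ip inspect name FWOUT ftp
!
! ACL 102: applied inbound on the inside (input) interface.
! A packet must be permitted here before CBAC inspects it;
! anything denied is dropped without inspection.
access-list 102 permit tcp 10.0.0.0 0.0.0.255 any
access-list 102 permit udp 10.0.0.0 0.0.0.255 any
access-list 102 permit icmp 10.0.0.0 0.0.0.255 any
access-list 102 deny   ip any any
!
! ACL 101: applied inbound on the outside interface.
! ICMP is not named in FWOUT, so it is not inspected and is
! governed by the ACLs alone; echo replies need an explicit permit.
access-list 101 permit icmp any 10.0.0.0 0.0.0.255 echo-reply
access-list 101 deny   ip any any
!
interface FastEthernet0/0
 description inside (constructed interface name)
 ip address 10.0.0.1 255.255.255.0
 ip access-group 102 in
!
interface FastEthernet0/1
 description outside (constructed interface name)
 ip access-group 101 in
 ! Inspection originates on traffic leaving this interface.
 ip inspect FWOUT out
```

Active inspected sessions can be checked with `show ip inspect sessions`.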