gmiretzky
Explorer

Where can I get information about Protocol Inspection

Hi,

I am using R80.10 and I am a little confused about the protocol inspection feature and would like to get some information about it.
I am trying to figure out what the difference is and how it is related to the inspection feature.
When I create a new service, I can configure it with a protocol. For example, TCP_4430 will be a TCP port of 4430, but configured with the HTTP protocol. This is (as far as I understand) called the Protocol Inspection feature. Is that right? Is there a list of protocols that this feature supports? Is it only TCP & UDP? Can it be (for example) IGMP? Or VRRP?

The other feature is the Inspection Settings, where you have 1 profile per gateway, and you can configure Allow or DROP for a list of protocol issues.

How are these two features related? For example, if I configure TCP port 4430 but do not configure it as the HTTP protocol, will it still be inspected as HTTP under the second inspection settings? The question is, are these two features related?

Also, is there a "good" filter for searching and finding logs related to inspection settings? And to protocol settings? As far as I could see, it is not under any Blade and it is not part of IPS, and there is no way to filter/search for these logs.

Any help will be much appreciated.

 

0 Kudos
1 Reply
PhoneBoy
Admin

Both settings are basically “firewall” functions.
The Inspection Settings are more “protocol anomaly” related whereas the settings in a specific service are more like a “make sure it’s this kind of traffic before allowing it.”

Note that for HTTP type traffic, there is an additional setting that must be configured to ensure that port is used anytime “web browsing” is referred to.

0 Kudos