Context-Based Access Control (CBAC) intelligently filters TCP and UDP packets based on application layer protocol session information and can be used for intranets, extranets and internets.\u00a0 CBAC can be configured to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network needing protection.<\/p>\n
CBAC can inspect traffic for sessions that originate from either side of the firewall. This is the basic function of a stateful inspection firewall.<\/p>\n
CBAC allows network administrators to implement firewall intelligence as part of an integrated, single-box solution.<\/p>\n
For example, sessions with an extranet partner involving Internet applications, multimedia applications, or Oracle databases would no longer necessitate opening a network doorway accessible via weaknesses in the partner`s network.<\/p>\n
CBAC lets tightly-secured networks run today`s basic application traffic plus advanced applications such as multimedia and video conferencing securely through a router.<\/p>\n
CBAC is a per-application control mechanism for IP traffic including standard TCP and UDP Internet applications, multimedia applications (including H.323 and other video applications), and Oracle databases.<\/p>\n
For example, if CBAC is configured to allow Microsoft NetMeeting, when an internal user initiates a connection, the firewall permits return traffic. However, if an external NetMeeting source initiates a connection with an internal user, CBAC denies entry and drops the packets.<\/p>\n
Configuration<\/strong>:<\/p>\n A basic template for an internet-facing Cisco 1841 with an inside LAN of 192.168.150.0\/24\u00a0 (For an advanced template for an internet router, see here<\/a>).<\/p>\n