CBAC (Context-Based Access Control) is the Cisco IOS Firewall feature set, an advanced firewall engine that provides traffic-filtering functionality and can be used as an integral part of the network. The main features of CBAC include the following:
CBAC provides a per-application control mechanism across network perimeters.
CBAC examines the transport layer, network layer, and upper-layer application-protocol information, keeping track of the flows and the state of each session (for example, HTTP, Simple Mail Transfer Protocol (SMTP), and FTP).
CBAC maintains state information for every connection passing through the firewall in a session table (also called the state table). The connection information from the state table is used to make intelligent decisions about whether packets should be permitted or denied, thereby dynamically creating temporary openings in the firewall.
CBAC generates real-time event alerts and audit trails. Alerts and audit trail information can be configured on a per-application protocol basis.
Upon detecting suspicious activity, the real-time event alert feature sends SYSLOG error messages to central management consoles for notification.
Enhanced audit trail features use SYSLOG to track all network transactions for advanced analysis and reporting.
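The features listed above map onto a small CBAC configuration: one inspection rule with a per-application entry (each with its own alert and audit-trail setting), a static ACL on the outside interface that blocks unsolicited inbound traffic, and the inspection rule applied outbound so that return traffic for inspected sessions is admitted through dynamic openings. This is an added illustration, not a configuration from the book; the rule name FW_OUT, the ACL name OUTSIDE_IN and the interface GigabitEthernet0/0 are assumed values.

```cisco
! Inspection rule: one entry per application protocol that CBAC should track
! in its session (state) table. Per-entry alert/audit-trail overrides the
! global default, so noisy protocols can be tuned individually.
ip inspect name FW_OUT http audit-trail on alert on
ip inspect name FW_OUT smtp audit-trail on
ip inspect name FW_OUT ftp  audit-trail on
ip inspect name FW_OUT tcp  timeout 3600
ip inspect name FW_OUT udp  timeout 30
!
! Global defaults: send audit-trail records and real-time alerts to SYSLOG
ip inspect audit-trail
no ip inspect alert-off
!
! Static policy on the outside interface: no unsolicited inbound traffic.
! CBAC punches temporary holes in this ACL for return traffic of sessions
! it has seen leave through the interface.
ip access-list extended OUTSIDE_IN
 deny ip any any log
!
interface GigabitEthernet0/0
 description Outside (assumed interface name)
 ip access-group OUTSIDE_IN in
 ip inspect FW_OUT out
!
! Verification: the live state table and the effective inspection settings
! show ip inspect sessions
! show ip inspect config
```

Export the router's SYSLOG to a central collector so the per-protocol audit-trail records and alerts are retained for analysis rather than lost in the local buffer.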
Note
CBAC is being replaced with the new ZFW configuration model in the new Cisco IOS Software releases. ZFW will also be covered in this chapter. All new features will be offered in the new ZFW configuration model. There is no end-of-life plan (as of this writing) for CBAC, but there will be no new features added into CBAC.