CBAC can be enabled to inspect all TCP and UDP sessions, regardless of the application-layer protocol. This method is called single-channel, or generic, TCP/UDP inspection. For generic TCP/UDP inspection to work, the return traffic must have the same source/destination IP addresses and port numbers as the session being inspected. It must also fall within the sequence number window. If the port number changes, the packet is dropped.
In addition, CBAC can specifically inspect individual application-layer protocols to maintain the connection information for each session. Application-layer protocol inspection takes precedence over the TCP or UDP protocol inspection. The following application-layer protocols are supported and can be configured for CBAC inspection:
CU-SeeMe
FTP
H.323 (such as NetMeeting)
HTTP (Java blocking)
ICMP
Microsoft NetShow
RealAudio
RTSP (Real-Time Streaming Protocol)
RPC (Sun RPC, not DCE RPC)
SMTP (Simple Mail Transport Protocol)
ESMTP (Extended Simple Mail Transport Protocol)
SQL*Net
StreamWorks
TFTP
UNIX R-commands (such as rlogin, rexec, and rsh)
VDOLive
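The following configuration is an added example, not taken from the original text, showing generic TCP/UDP inspection and application-layer inspection combined in one rule. The rule name INSPECT-OUT, ACL number 101, and the interface are assumptions chosen for illustration.

```cisco
! Constructed example: rule name, ACL number, and interface are assumptions.
!
! Generic (single-channel) inspection: covers any TCP or UDP session,
! but return traffic must match the original addresses and ports.
ip inspect name INSPECT-OUT tcp
ip inspect name INSPECT-OUT udp
!
! Application-layer inspection: for these protocols it takes precedence
! over the generic tcp/udp entries above. FTP is the classic case: its
! data connection uses a different port than the control session, so
! generic inspection alone would drop it.
ip inspect name INSPECT-OUT ftp
ip inspect name INSPECT-OUT smtp
ip inspect name INSPECT-OUT h323
ip inspect name INSPECT-OUT rtsp
ip inspect name INSPECT-OUT tftp
!
! Inbound ACL on the untrusted interface denies unsolicited traffic.
! CBAC adds temporary openings ahead of this entry for return traffic
! that belongs to an inspected session.
access-list 101 deny ip any any log
!
interface FastEthernet0/1
 description Outside (untrusted) interface
 ip access-group 101 in
 ip inspect INSPECT-OUT out
```

After traffic has passed, `show ip inspect sessions` lists the sessions CBAC is tracking, which confirms whether a given flow was matched by an inspection entry.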