stateful inspection
Network protocols maintain certain data, called state information, at each end of a network connection between two hosts. State information is necessary to implement the features of a protocol, such as guaranteed packet delivery, data sequencing, flow control, and transaction or session IDs. Some of the protocol state information is sent in each packet while each protocol is being used. For example, a browser connected to a web server uses HTTP and supporting TCP/IP protocols. Each protocol layer maintains state information in the packets it sends and receives. The FWSM and some other firewalls inspect the state information in each packet to verify that it is current and valid for every protocol it contains. This is called stateful inspection and is designed to create a powerful barrier to certain types of computer security threats.

Static PAT
Static Port Address Translation. Static PAT is a static address that also maps a local port to a global port. See also Dynamic PAT, NAT.

subnetmask
See mask.

SVC
The SSL VPN Client (SVC) is a VPN tunneling technology that gives remote users the benefits of an IPSec VPN client without the need for network administrators to install and configure IPSec VPN clients on remote computers. The SVC uses the SSL encryption that is already present on the remote computer and the WebVPN login and authentication of the security appliance.

SVI
Switched virtual interface. An SVI is a VLAN assigned to the MSFC.

T

TACACS+
Terminal Access Controller Access Control System Plus. A client-server protocol that supports AAA services, including command authorization. See also AAA, RADIUS.

TAPI
Telephony Application Programming Interface. A programming interface in Microsoft Windows that supports telephony functions.

TCP
Transmission Control Protocol. Connection-oriented transport layer protocol that provides reliable full-duplex data transmission.

TCP Intercept
With the TCP intercept feature, once the optional embryonic connection limit is reached, and until the embryonic connection count falls below this threshold, every SYN bound for the affected server is intercepted. For each SYN, the FWSM responds on behalf of the server with an empty SYN/ACK segment. The FWSM retains pertinent state information, drops the packet, and waits for the client acknowledgment. If the ACK is received, then a copy of the client SYN segment is sent to the server and the TCP three-way handshake is performed between the FWSM and the server. If this three-way handshake completes, the connection may resume as normal. If the client does not respond during any part of the connection phase, then the FWSM retransmits the necessary segment using exponential back-offs.

TDP
Tag Distribution Protocol. TDP is used by tag switching devices to distribute, request, and release tag binding information for multiple network layer protocols in a tag switching network. TDP does not replace routing protocols. Instead, it uses information learned from routing protocols to create tag bindings. TDP is also used to open, monitor, and close TDP sessions and to indicate errors that occur during those sessions. TDP operates over a connection-oriented transport layer protocol with guaranteed sequential delivery (such as TCP). The use of TDP does not preclude the use of other mechanisms to distribute tag binding information, such as piggybacking information on other protocols.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Glossary