Cisco Cisco Web Security Appliance S380 User Guide
C H A P T E R
21-1
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
21
L4 Traffic Monitor
This chapter contains the following information:
•
•
•
•
About L4 Traffic Monitor
The Web Security appliance has an integrated Layer-4 Traffic Monitor that detects
rogue traffic across all network ports and stops malware attempts to bypass port
80. Additionally, when internal clients are infected with malware and attempt to
phone-home across non-standard ports and protocols, the L4 Traffic Monitor
prevents phone-home activity from going outside the corporate network.
rogue traffic across all network ports and stops malware attempts to bypass port
80. Additionally, when internal clients are infected with malware and attempt to
phone-home across non-standard ports and protocols, the L4 Traffic Monitor
prevents phone-home activity from going outside the corporate network.
How the L4 Traffic Monitor Works
The L4 Traffic Monitor listens to network traffic that comes in over all ports on
the appliance and matches domain names, and IP addresses against entries in its
own database tables to determine whether to allow incoming and outgoing traffic.
the appliance and matches domain names, and IP addresses against entries in its
own database tables to determine whether to allow incoming and outgoing traffic.
All web destinations fall under one of the following categories: