Which statement about application inspection of SAF network services on an adaptive
security appliance is true?
A.
The adaptive security appliance can inspect and learn the ephemeral port numbers that are used
By H.225 and H.245 on SAF-enabled H.323 trunks.
B.
An explicit ACL must be configured on the adaptive security appliance for SAF-enabled SIP trunks.
C.
An explicit ACL must be configured on the adaptive security appliance for SAF-enabled H.323 trunks
to account for ephemeral port numbers that are used by H.225 and H.245.
D.
The adaptive security appliance can inspect and learn the ephemeral port numbers that are used
by H.225 on SAF-enabled H.323 trunks, but H.245 ports must be explicitly defined.
E.
The adaptive security appliance provides full application inspection for SAF network services.
Explanation:
The Adaptive Security Appliances do not have application inspection for the SAF network
service. When Unified CM uses a SAF-enabled H.323 trunk to place a call, the ASA cannot
inspect the SAF packet to learn the ephemeral port number used in the H.225 signalling.
Therefore, in scenarios where call traffic from SAF-enabled H.323 trunks traverses the ASAs,
ACLs must be configured on the ASAs to allow this signaling traffic. The ACL configuration
must account for all the ports used by the H.225 and H.245 signaling.