Defining Actions Using a Layer 3/4 Policy Map
Order in Which Multiple Feature Actions are Applied
The order in which different types of actions in a policy map are performed is independent of the order
in which the actions appear in the policy map. Actions are performed in the following order:
•
Note
•
•
•
•
•
•
Default Layer 3/4 Policy Map
The configuration includes a default Layer 3/4 policy map that the security appliance uses in the default
global policy. It is called global_policy and performs inspection on the default inspection traffic. You
can only apply one global policy, so if you want to alter the global policy, you need to either reconfigure
the default policy or disable it and apply a new one.
The default policy map configuration includes the following commands:
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
Adding a Layer 3/4 Policy Map
The maximum number of policy maps is 64. To create a Layer 3/4 policy map, perform the following
steps:
Cisco Security Appliance Command Line Configuration Guide
21-16
TCP normalization, TCP and UDP connection limits and timeouts, and TCP sequence number
randomization
When a the security appliance performs a proxy service (such as AAA or CSC) or it modifies
the TCP payload (such as FTP inspection), the TCP normalizer acts in dual mode, where it is
applied before and after the proxy or payload modifying service.
CSC
Application inspection
IPS
QoS input policing
QoS output policing
QoS priority queue
Chapter 21
Using Modular Policy Framework
OL-12172-03