Chapter 21
Using Modular Policy Framework
Modular Policy Framework Examples
Applying Inspection to HTTP Traffic Globally
In this example (see Figure 21-2), any HTTP connection (TCP traffic on port 80) that enters the security
appliance through any interface is classified for HTTP inspection. Because the policy is a global policy,
inspection occurs only as the traffic enters each interface.
Figure 21-2 Global HTTP Inspection
[Figure: security appliance with inside and outside interfaces, port 80 inspection at each interface, Host A and Host B]
See the following commands for this example:
hostname(config)# class-map http_traffic
hostname(config-cmap)# match port tcp eq 80
hostname(config)# policy-map http_traffic_policy
hostname(config-pmap)# class http_traffic
hostname(config-pmap-c)# inspect http
hostname(config)# service-policy http_traffic_policy global
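The three commands above only take effect as a chain: the class map must be referenced by a policy map, and that policy map must be activated by a service policy. The following audit script is an added example, not part of the Cisco guide; it walks that chain in saved configuration text and reports which inspections are actually applied. The sample text is constructed from this page's commands, assumes the indented layout of a saved configuration, and includes a hypothetical class map named orphan_class to show the failure case.

```python
import re

# Constructed sample: this page's commands laid out as in a saved configuration.
# orphan_class is hypothetical; no policy map references it.
SAMPLE_CONFIG = """\
class-map http_traffic
 match port tcp eq 80
class-map orphan_class
 match port tcp eq 8080
policy-map http_traffic_policy
 class http_traffic
  inspect http
service-policy http_traffic_policy global
"""

def parse_mpf(config):
    """Return (class_maps, policy_maps, service_policies) from config text."""
    class_maps, policy_maps, services = {}, {}, []
    cmap = pmap = cls = None
    for raw in config.splitlines():
        if not raw.startswith(" "):  # a top-level command ends the previous block
            cmap = pmap = cls = None
        line = raw.strip()
        if m := re.match(r"class-map (\S+)$", line):
            cmap = m.group(1)
            class_maps[cmap] = []
        elif m := re.match(r"policy-map (\S+)$", line):
            pmap = m.group(1)
            policy_maps[pmap] = {}
        elif m := re.match(r"service-policy (\S+) (global|interface \S+)$", line):
            services.append((m.group(1), m.group(2)))
        elif cmap and line.startswith("match "):
            class_maps[cmap].append(line[len("match "):])
        elif pmap and (m := re.match(r"class (\S+)$", line)):
            cls = m.group(1)
            policy_maps[pmap][cls] = []
        elif pmap and cls and line.startswith("inspect "):
            policy_maps[pmap][cls].append(line[len("inspect "):])
    return class_maps, policy_maps, services

def active_inspections(config):
    """(scope, class, match criteria, inspection) for applied policies only."""
    class_maps, policy_maps, services = parse_mpf(config)
    return [(scope, cls, tuple(class_maps.get(cls, [])), insp)
            for policy, scope in services
            for cls, insps in policy_maps.get(policy, {}).items() for insp in insps]

def unused_class_maps(config):
    """Class maps that no applied policy references, so they classify nothing."""
    class_maps, policy_maps, services = parse_mpf(config)
    applied = {p for p, _ in services}
    used = {c for p, classes in policy_maps.items() if p in applied for c in classes}
    return sorted(set(class_maps) - used)
```

Removing the service-policy line from the sample makes active_inspections return an empty list, which is the condition to alert on when HTTP inspection is expected to be in force.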
Cisco Security Appliance Command Line Configuration Guide
21-20
OL-12172-03