Cisco ASA 5505 Configuration Manual page 615

Asa 5500 series

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 29-15

Chapter 29
Configuring a Service Policy

See the "Supported Features for Management Traffic" section on page 29-2 for more information.

Step 10
To configure connection settings, see the "Configuring Connection Settings" section on page 48-8.
Step 11
Click Finish.

Managing the Order of Service Policy Rules

The order of service policy rules on an interface or in the global policy affects how actions are applied to traffic. See the following guidelines for how a packet matches rules in a service policy:

A packet can match only one rule in a service policy for each feature type.

When the packet matches a rule that includes actions for a feature type, the adaptive security appliance does not attempt to match it to any subsequent rules including that feature type.

If the packet matches a subsequent rule for a different feature type, however, then the adaptive security appliance also applies the actions for the subsequent rule.

For example, if a packet matches a rule for connection limits, and also matches a rule for application inspection, then both rule actions are applied.

If a packet matches a rule for application inspection, but also matches another rule that includes application inspection, then the second rule actions are not applied.

If your rule includes an access list with multiple ACEs, then the order of ACEs also affects the packet flow. The FWSM tests the packet against each ACE in the order in which the entries are listed. After a match is found, no more ACEs are checked. For example, if you create an ACE at the beginning of an access list that explicitly permits all traffic, no further statements are ever checked.

To change the order of rules or ACEs within a rule, perform the following steps:

Step 1
From the Configuration > Firewall > Service Policy Rules pane, choose the rule or ACE that you want to move up or down.
Step 2
Click the Move Up or Move Down cursor (see Figure 29-1).

Figure 29-1 Moving an ACE
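
The matching guidelines above, modeled as an added example (not part of the Cisco guide): rules are evaluated in order with one rule taking effect per feature type, and each rule's ACEs are tested in listed order until the first hit. The rule names, networks, action labels and the "do not match" ACE semantics are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Ace:
    match: bool                  # assumed: False means "do not match" (exempt from the rule)
    src: str                     # source network in CIDR form
    dport: Optional[int] = None  # None = any destination port

@dataclass
class Rule:
    name: str
    aces: list                   # ACEs in the order they are listed
    actions: dict                # feature type -> action label

def rule_matches(rule, pkt):
    """Test ACEs in listed order; the first ACE that hits decides, later ones are skipped."""
    for ace in rule.aces:
        if ip_address(pkt["src"]) in ip_network(ace.src) and ace.dport in (None, pkt["dport"]):
            return ace.match
    return False

def evaluate(policy, pkt):
    """Return {feature type: (rule name, action)} applied to one packet."""
    applied = {}
    for rule in policy:
        if rule_matches(rule, pkt):
            for feature, action in rule.actions.items():
                # Only the first matching rule per feature type takes effect.
                applied.setdefault(feature, (rule.name, action))
    return applied

def move_up(items, index):
    """Copy of items with items[index] swapped one place earlier (models Move Up)."""
    out = list(items)
    if index > 0:
        out[index - 1], out[index] = out[index], out[index - 1]
    return out

# Constructed sample policy; every name and value here is illustrative.
POLICY = [
    Rule("web-inspect", [Ace(True, "0.0.0.0/0", 80)], {"inspection": "http"}),
    Rule("conn-limit", [Ace(False, "10.1.1.0/24"), Ace(True, "10.1.0.0/16")],
         {"connection-limits": "max-100"}),
    Rule("web-inspect-strict", [Ace(True, "10.1.0.0/16", 80)], {"inspection": "http-strict"}),
]

if __name__ == "__main__":
    print(evaluate(POLICY, {"src": "10.1.2.5", "dport": 80}))
```

Running `evaluate` before and after a planned reorder shows which rule wins each feature type, and swapping the two ACEs in `conn-limit` shows the exemption for 10.1.1.0/24 becoming unreachable.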


This manual is also suitable for:

Asa 5510, Asa 5540, Asa 5520, Asa 5550, Asa 5580
