Cisco FirePOWER ASA 5500 series Configuration Manual page 370

Security appliance command line

Configuring Special Actions for Application Inspections
highest priority command, so it is matched first, regardless of the order in the policy map. The ftp3 class
map is ranked as being of the same priority as the ftp2 class map, which also contains the match
filename command. They are matched according to the order in the policy map: ftp3 and then ftp2.
class-map type inspect ftp ftp1
 match request-cmd get
class-map type inspect ftp ftp2
 match filename regex abc
class-map type inspect ftp ftp3
 match request-cmd get
 match filename regex abc
policy-map type inspect ftp ftp
 class ftp3
  log
 class ftp2
  log
 class ftp1
  log
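The ordering described above can be modeled as follows. This is an added example, not code from the Cisco guide: it parses the FTP configuration and returns the order in which the classes are matched. The numeric ranks in MATCH_RANK are assumptions; the page only states that match request-cmd has higher priority than match filename.

```python
# Assumed ranks (lower number = matched earlier). Only the relative order of
# these two commands comes from the page; the numbers are constructed.
MATCH_RANK = {"request-cmd": 0, "filename": 1}

# The FTP class maps and policy map from this page, with the class-map lines
# written in the "class-map type inspect ftp" form.
CONFIG = """\
class-map type inspect ftp ftp1
 match request-cmd get
class-map type inspect ftp ftp2
 match filename regex abc
class-map type inspect ftp ftp3
 match request-cmd get
 match filename regex abc
policy-map type inspect ftp ftp
 class ftp3
  log
 class ftp2
  log
 class ftp1
  log
"""

def parse(config):
    """Return ({class map: [match keywords]}, [classes in policy-map order])."""
    class_maps, policy_order, current = {}, [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "class-map":
            current = words[-1]            # the name is the last token
            class_maps[current] = []
        elif words[0] == "policy-map":
            current = None                 # class-map definitions are finished
        elif words[0] == "match" and current is not None:
            class_maps[current].append(words[2] if words[1] == "not" else words[1])
        elif words[0] == "class":
            policy_order.append(words[1])
    return class_maps, policy_order

def evaluation_order(config):
    """Order in which the inspection classes are matched."""
    class_maps, policy_order = parse(config)
    # A class map is ranked by its lowest-priority match command (ftp3 ranks
    # with ftp2 because both contain match filename).
    rank = lambda name: max(MATCH_RANK[k] for k in class_maps[name])
    # sorted() is stable, so classes of equal rank keep their policy-map order.
    return sorted(policy_order, key=rank)

if __name__ == "__main__":
    print(evaluation_order(CONFIG))
```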
Step 3
To configure parameters that affect the inspection engine, enter the following command:
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
The CLI enters parameters configuration mode. For the parameters available for each application, see
Chapter 25, "Configuring Application Layer Protocol Inspection."
The following is an example of an HTTP inspection policy map and the related class maps. This policy
map is activated by the Layer 3/4 policy map, which is enabled by the service policy.
hostname(config)# regex url_example example.com
hostname(config)# regex url_example2 example2.com
hostname(config)# class-map type regex match-any URLs
hostname(config-cmap)# match regex url_example
hostname(config-cmap)# match regex url_example2
hostname(config-cmap)# class-map type inspect http match-all http-traffic
hostname(config-cmap)# match req-resp content-type mismatch
hostname(config-cmap)# match request body length gt 1000
hostname(config-cmap)# match not request uri regex class URLs
hostname(config-cmap)# policy-map type inspect http http-map1
hostname(config-pmap)# class http-traffic
hostname(config-pmap-c)# drop-connection log
hostname(config-pmap-c)# match req-resp content-type mismatch
hostname(config-pmap-c)# reset log
hostname(config-pmap-c)# parameters
hostname(config-pmap-p)# protocol-violation action log
hostname(config-pmap-p)# policy-map test
hostname(config-pmap)# class test     (a Layer 3/4 class map not shown)
hostname(config-pmap-c)# inspect http http-map1
hostname(config-pmap-c)# service-policy test interface outside
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01
Chapter 21, Using Modular Policy Framework, page 21-12


This manual is also suitable for: PIX 500 series, Cisco ASA 5500 series