Adding A Layer 3/4 Policy Map - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 21
Using Modular Policy Framework
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp

Adding a Layer 3/4 Policy Map

The maximum number of policy maps is 64. To create a Layer 3/4 policy map, perform the following steps:

Step 1  Add the policy map by entering the following command:

    hostname(config)# policy-map policy_map_name

The policy_map_name argument is the name of the policy map, up to 40 characters in length. All types of policy maps use the same name space, so you cannot reuse a name already used by another type of policy map. The CLI enters policy-map configuration mode.

Step 2  (Optional) Specify a description for the policy map:

    hostname(config-pmap)# description text

Step 3  Specify a previously configured Layer 3/4 class map using the following command:

    hostname(config-pmap)# class class_map_name

See the "Identifying Traffic Using a Layer 3/4 Class Map" section on page 21-2 to add a class map.

Step 4  Specify one or more actions for this class map.

- IPS. See the "Diverting Traffic to the AIP SSM" section on page 22-2.
- CSC. See the "Diverting Traffic to the CSC SSM" section on page 22-11.
- TCP normalization. See the "Configuring TCP Normalization" section on page 23-1.
- TCP and UDP connection limits and timeouts, and TCP sequence number randomization. See the "Configuring Connection Limits and Timeouts" section on page 23-4.
- QoS policing and QoS priority. See Chapter 24, "Applying QoS Policies."
- Application inspection. See Chapter 25, "Configuring Application Layer Protocol Inspection."

Note  If there is no match default-inspection-traffic command in a class map, then at most one inspect command is allowed to be configured under the class.

Step 5  Repeat Step 3 and Step 4 for each class map you want to include in this policy map.

Source: Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, "Defining Actions Using a Layer 3/4 Policy Map," page 21-15.
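The five steps above as one configuration, written for this page as an added example (it is not taken from the Cisco guide). The access list, class map and policy map names, the 192.0.2.10 address, the connection limits and the final service-policy line that applies the policy to an interface are assumptions. The web_traffic class carries a single inspect command because it has no match default-inspection-traffic, while all_inspection may carry several.

```cisco
! Constructed example: names, address and limits are assumptions.
! Traffic selection (configured before the policy map, see Step 3).
access-list WEB_SERVERS extended permit tcp any host 192.0.2.10 eq www
!
class-map web_traffic
 match access-list WEB_SERVERS
!
class-map all_inspection
 match default-inspection-traffic
!
! Step 1: create the policy map (name is at most 40 characters and must
! not collide with any other type of policy map).
policy-map outside_policy
! Step 2: optional description.
 description Connection limits and inspection for inbound traffic
! Step 3: reference a previously configured Layer 3/4 class map.
 class web_traffic
! Step 4: actions. Only ONE inspect command is allowed here, because
! web_traffic does not use match default-inspection-traffic.
  inspect http
  set connection conn-max 1000 embryonic-conn-max 200
  set connection timeout embryonic 0:0:30
! Step 5: repeat Step 3 and Step 4 for the next class map.
 class all_inspection
! Several inspect commands are allowed under this class, because its
! class map uses match default-inspection-traffic.
  inspect dns preset_dns_map
  inspect ftp
  inspect esmtp
!
! Applying the policy to an interface is a separate procedure in the
! guide; this line is included only so the example is complete.
service-policy outside_policy interface outside
```

After entering the configuration, `show running-config policy-map` displays the resulting policy map so the class order and actions can be reviewed.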
