Monitoring Service Policies; Examples For Service Policies (Modular Policy Framework) - Cisco ASA Series Configuration Manual

Monitoring Service Policies

Examples
For example, the following command enables the inbound_policy policy map on the outside interface:
hostname(config)# service-policy inbound_policy interface outside
The following commands disable the default global policy, and enables a new one called
new_global_policy.
hostname(config)# no service-policy global_policy global
hostname(config)# service-policy new_global_policy global
Monitoring Service Policies
To monitor service policies, enter the following command:
•

Examples for Service Policies (Modular Policy Framework)

This section includes several Modular Policy Framework examples.
•
•
•
•
Applying Inspection and QoS Policing to HTTP Traffic
In this example, any HTTP connection (TCP traffic on port 80) that enters or exits the ASA through the
outside interface is classified for HTTP inspection. Any HTTP traffic that exits the outside interface is
classified for policing.
Figure 11-1
A
Host A
See the following commands for this example:
hostname(config)# class-map http_traffic
Cisco ASA Series Firewall CLI Configuration Guide
11-18
show service-policy
Displays the service policy statistics.
Applying Inspection and QoS Policing to HTTP Traffic, page 11-18
Applying Inspection to HTTP Traffic Globally, page 11-19
Applying Inspection and Connection Limits to HTTP Traffic to Specific Servers, page 11-19
Applying Inspection to HTTP Traffic with NAT, page 11-20
HTTP Inspection and QoS Policing
appliance
inside
Chapter 11
Security
insp.
port 80
police
port 80
insp.
outside
Service Policy Using the Modular Policy Framework
Host B