Cisco ASA 5506-X Configuration Manual page 18
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
Chapter 1
Service Policy Using the Modular Policy Framework
Configure Service Policies
If one of the actions you want to perform is application inspection, and you want to perform additional
actions on some inspection traffic, then create an inspection policy map. The inspection policy map
identifies the traffic and specifies what to do with it.
For example, you might want to drop all HTTP requests with a body length greater than 1000 bytes.
Inspection Policy Map Actions
Inspection Class Map/
Match Commands
You can create a self-contained inspection policy map that identifies the traffic directly with match
commands, or you can create an inspection class map for reuse or for more complicated matching. For
example, you could match text within a inspected packets using a regular expression or a group of regular
expressions (a regular expression class map), and target actions based on narrower criteria. For example,
you might want to drop all HTTP requests with a URL including the text "example.com."
Inspection Policy Map Actions
Inspection Class Map/
Match Commands
Regular Expression Statement/
Regular Expression Class Map
See
Defining Actions in an Inspection Policy Map, page 2-4
and
Identifying Traffic in an Inspection
Class Map, page
2-5.
Define the actions you want to perform on each Layer 3/4 class map by creating a Layer 3/4 policy map,
Step 3
as described in
Define Actions (Layer 3/4 Policy Map), page
1-16.
Cisco ASA Series Firewall CLI Configuration Guide
1-12
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
