Cisco 4700M Configuration Manual page 131

Chapter 3 Configuring Application Protocol Inspection
You configure rules for application protocol inspection through class maps, policy
maps, and service policies. The following items summarize the role of each
function in configuring application protocol inspection:
•
•
•
•
•
Figure 3-1
and policy maps to perform application protocol inspection. The flow chart also
shows how the ACE associates the various components of the class map and
policy map configuration with each other.
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01
Layer 7 class map—Provides the Layer 7 network traffic classification to
identify protocol inspection attributes (such as the HTTP header and the
URL) and FTP request commands.
Layer 7 policy map—Configures the applicable match statements and actions
that the ACE executes on the network traffic that matches the classifications
defined in the Layer 7 class map.
Layer 3 and Layer 4 class map—Classifies the network traffic that passes
through the ACE for application inspection and matches the traffic associated
with the specified inspect commands in a policy map.
Layer 3 and Layer 4 policy map—Enables DNS, FTP, HTTP, ICMP, ILS,
RTSP, SCCP, and SIP protocol inspection and FTP command inspection for a
traffic classification that matches the criteria listed in the class map.
Service policy—Activates the policy map and attaches the traffic policy to a
VLAN interface or globally on all VLAN interfaces.
provides an overview of the process required to configure class maps
Application Protocol Inspection Overview
3-7