Cisco 4700M Configuration Manual page 146

Application control engine appliance security

Application Protocol Inspection Configuration Quick Start Procedures

Table 3-2 Layer 7 FTP Request Command Inspection Quick Start
(Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide, page 3-22)

Task and Command Example
Step numbers on this page: 4. 5. 6.
Configure the Layer 7 class map to define FTP request command inspection
decisions through the ACE. The match request-method command identifies the
FTP commands that you want the ACE to filter.
host1/Admin(config-cmap-ftp-insp)# match request-method mkdir
host1/Admin(config-cmap-ftp-insp)# exit
host1/Admin(config)#
Create and configure a Layer 7 policy map that enables FTP command
inspection. Specify the actions that you want to apply to the Layer 7
user-defined class map and, if appropriate, to the default class map.
host1/Admin(config)# policy-map type inspect ftp first-match FTP_INSPECT_L7POLICY
host1/Admin(config-pmap-ftp-ins)# class FTP_INSPECT_L7CLASS
host1/Admin(config-pmap-ftp-ins-c)# deny
host1/Admin(config-pmap-ftp-ins-c)# exit
host1/Admin(config)#
Create a Layer 3 and Layer 4 class map to classify network traffic that
passes through the ACE for FTP command inspection. If you do not specify
match-all or match-any, traffic must match all the match criteria to be
classified as part of the traffic class.
The CLI displays the class map configuration mode.
host1/Admin(config)# class-map match-all FTP_INSPECT_L4CLASS
host1/Admin(config-cmap)#
Include one or more of the match commands as part of the Layer 3 and
Layer 4 class map.
host1/Admin(config-cmap)# description FTP command inspection of incoming traffic
host1/Admin(config-cmap)# match port tcp eq 21
host1/Admin(config-cmap)# exit
host1/Admin(config)#
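
A consistency check for the objects this quick start creates, as an added Python example that is not part of the Cisco guide: it verifies that the Layer 7 class map filters at least one request method, that the Layer 7 policy references it with an action, and that a Layer 3 and Layer 4 class map matches TCP port 21. The sample listing is constructed from the commands on this page; its first line (creating the Layer 7 class map) belongs to a step not shown here and its syntax is an assumption, as are the function names parse, named and audit.

```python
import re

# Constructed sample of this quick start's commands; line 1's syntax is assumed.
SAMPLE = """\
class-map type ftp inspect match-any FTP_INSPECT_L7CLASS
  match request-method mkdir
policy-map type inspect ftp first-match FTP_INSPECT_L7POLICY
  class FTP_INSPECT_L7CLASS
    deny
class-map match-all FTP_INSPECT_L4CLASS
  description FTP command inspection of incoming traffic
  match port tcp eq 21
"""

def parse(text):
    """Map each top-level command to the sub-commands indented under it."""
    blocks, current = {}, []
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace():
            current.append(line.strip())
        else:
            current = blocks.setdefault(line.strip(), [])
    return blocks

def named(blocks, pattern):
    """Return {object name: sub-commands} for headers matching pattern."""
    return {h.split()[-1]: b for h, b in blocks.items() if re.match(pattern, h)}

def audit(text):
    """Return findings; an empty list means the inspection chain is consistent."""
    blocks, findings, used = parse(text), [], set()
    l7_classes = named(blocks, r"class-map type ftp inspect ")
    l7_policies = named(blocks, r"policy-map type inspect ftp ")
    l4_classes = named(blocks, r"class-map (match-(all|any) )?\S+$")
    for pname, body in l7_policies.items():
        for i, cmd in enumerate(body):
            if cmd.startswith("class "):
                used.add(cname := cmd.split()[1])
                if cname not in l7_classes and cname != "class-default":
                    findings.append(f"{pname}: class {cname} is not defined")
                if i + 1 == len(body) or body[i + 1].startswith("class "):
                    findings.append(f"{pname}: class {cname} has no action")
    for cname, body in l7_classes.items():
        if not any(c.startswith("match request-method ") for c in body):
            findings.append(f"{cname}: no match request-method entry")
        if cname not in used:
            findings.append(f"{cname}: not referenced by an FTP inspect policy")
    if not any("match port tcp eq 21" in b for b in l4_classes.values()):
        findings.append("no Layer 3/4 class map matches tcp port 21")
    return findings
```

Calling audit(SAMPLE) returns an empty list; removing the deny line or changing the matched port produces a finding that names the object at fault.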
Chapter 3 Configuring Application Protocol Inspection (OL-16202-01)
