CHAPTER
21-1
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
21
Using Modular Policy Framework
This chapter describes how to use Modular Policy Framework to create security policies for TCP and
general connection settings, inspections, IPS, CSC, and QoS.
This chapter includes the following sections:
• Modular Policy Framework Overview, page 21-1
• Identifying Traffic Using a Layer 3/4 Class Map, page 21-2
• Configuring Special Actions for Application Inspections, page 21-5
• Defining Actions Using a Layer 3/4 Policy Map, page 21-13
• Applying a Layer 3/4 Policy to an Interface Using a Service Policy, page 21-17
• Modular Policy Framework Examples, page 21-17
Modular Policy Framework Overview
Modular Policy Framework provides a consistent and flexible way to configure security appliance
features. For example, you can use Modular Policy Framework to create a timeout configuration that is
specific to a particular TCP application, as opposed to one that applies to all TCP applications.
Modular Policy Framework supports the following features:
• TCP normalization, TCP and UDP connection limits and timeouts, and TCP sequence number
randomization
• CSC
• Application inspection
• IPS
• QoS input policing
• QoS output policing
• QoS priority queue
Configuring Modular Policy Framework consists of four tasks:
1. Identify the Layer 3 and 4 traffic to which you want to apply actions. See the “Identifying Traffic
Using a Layer 3/4 Class Map” section on page 21-2.
2. (Application inspection only) Define special actions for application inspection traffic. See the
“Configuring Special Actions for Application Inspections” section on page 21-5.
To Next Page
Loading...
Need help?
General