Cisco FirePOWER ASA 5500 series User Manual

Cisco FirePOWER ASA 5500 series
989 pages
21-15
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 21 Using Modular Policy Framework
Defining Actions Using a Layer 3/4 Policy Map
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
Adding a Layer 3/4 Policy Map
The maximum number of policy maps is 64. To create a Layer 3/4 policy map, perform the following
steps:
Step 1 Add the policy map by entering the following command:
hostname(config)# policy-map policy_map_name
The policy_map_name argument is the name of the policy map up to 40 characters in length. All types
of policy maps use the same name space, so you cannot reuse a name already used by another type of
policy map. The CLI enters policy-map configuration mode.
Step 2 (Optional) Specify a description for the policy map:
hostname(config-pmap)# description text
Step 3 Specify a previously configured Layer 3/4 class map using the following command:
hostname(config-pmap)# class class_map_name
See the “Identifying Traffic Using a Layer 3/4 Class Map” section on page 21-2 to add a class map.
Step 4 Specify one or more actions for this class map:
• IPS. See the “Diverting Traffic to the AIP SSM” section on page 22-2.
• CSC. See the “Diverting Traffic to the CSC SSM” section on page 22-11.
• TCP normalization. See the “Configuring TCP Normalization” section on page 23-1.
• TCP and UDP connection limits and timeouts, and TCP sequence number randomization. See the “Configuring Connection Limits and Timeouts” section on page 23-4.
• QoS policing and QoS priority. See Chapter 24, “Applying QoS Policies.”
• Application inspection. See Chapter 25, “Configuring Application Layer Protocol Inspection.”
Note If there is no match default-inspection-traffic command in a class map, then at most one inspect command can be configured under the class.
Step 5 Repeat Step 3 and Step 4 for each class map you want to include in this policy map.
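The limits in this procedure (64 policy maps, 40-character names, one shared name space, and at most one inspect command under a class whose class map lacks match default-inspection-traffic) can be checked on a staged configuration before it is pushed. The Python below is an added example, not part of the Cisco guide; the sample configuration, the audit function and its finding messages are constructed for illustration, and the parser assumes one command per line.

```python
MAX_POLICY_MAPS = 64  # limit stated in this section
MAX_NAME_LEN = 40     # limit stated in this section
# Constructed staged configuration (not from the manual) with two mistakes.
SAMPLE = """\
class-map inspection_default
 match default-inspection-traffic
class-map web_traffic
 match port tcp eq 80
policy-map type inspect http web_rules
policy-map outside_policy
 class inspection_default
  inspect ftp
  inspect tftp
 class web_traffic
  inspect http
  inspect esmtp
policy-map web_rules
 class web_traffic
  set connection conn-max 1000
"""

def audit(config):
    """Return findings for the naming, count and inspect rules in this section."""
    findings, default_cms, names, inspects = [], set(), {}, {}
    class_map = pmap = cls = None
    for line in config.splitlines():
        tok = line.split() or [""]
        if tok[0] == "class-map":
            class_map, pmap, cls = tok[-1], None, None
        elif tok[0] == "policy-map":
            name, kind = tok[-1], " ".join(tok[1:-1]) or "Layer 3/4"
            if name in names:  # all policy map types share one name space
                findings.append(f"{name}: name already used by a {names[name]} policy map")
            names.setdefault(name, kind)
            if len(name) > MAX_NAME_LEN:
                findings.append(f"{name}: name longer than {MAX_NAME_LEN} characters")
            class_map, cls, pmap = None, None, name if kind == "Layer 3/4" else None
        elif tok == ["match", "default-inspection-traffic"] and class_map:
            default_cms.add(class_map)
        elif tok[0] == "class" and pmap and len(tok) == 2:
            cls = tok[1]
        elif tok[0] == "inspect" and pmap and cls:
            inspects[(pmap, cls)] = inspects.get((pmap, cls), 0) + 1
    for (p, c), n in inspects.items():
        if n > 1 and c not in default_cms:
            findings.append(f"{p} class {c}: {n} inspect commands, at most one allowed")
    if len(names) > MAX_POLICY_MAPS:
        findings.append(f"{len(names)} policy maps configured, maximum is {MAX_POLICY_MAPS}")
    return findings
```

Calling audit(SAMPLE) reports the reused name web_rules and the second inspect command under web_traffic; the two inspect commands under inspection_default pass because that class map matches default-inspection-traffic.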
