Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 25 Configuring Application Layer Protocol Inspection
Step 7 To configure parameters that affect the inspection engine, perform the following steps:
a. To enter parameters configuration mode, enter the following command:
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
b. To check for HTTP protocol violations, enter the following command:
hostname(config-pmap-p)# protocol-violation [action [drop-connection | reset | log]]
The drop-connection action closes the connection. The reset action closes the connection and sends a TCP reset to the client. The log action sends a system log message when this policy map matches traffic.
c. To substitute a string for the server header field, enter the following command:
hostname(config-pmap-p)# spoof-server string
Where the string argument is the string to substitute for the server header field.
The following example shows how to define an HTTP inspection policy map that will allow and log any HTTP connection that attempts to access "www\.xyz.com/.*\.asp" or "www\.xyz[0-9][0-9]\.com" with methods "GET" or "PUT." All other URL/Method combinations will be silently allowed.
hostname(config)# class-map type regex match-any url_to_log
hostname(config-cmap)# match regex "www\.xyz.com/.*\.asp"
hostname(config-cmap)# match regex "www\.xyz[0-9][0-9]\.com"
hostname(config-cmap)# exit
hostname(config)# class-map type regex match-any methods_to_log
hostname(config-cmap)# match regex "GET"
hostname(config-cmap)# match regex "PUT"
hostname(config-cmap)# exit
hostname(config)# class-map type http http_url_policy
hostname(config-cmap)# match request url regex class url_to_log
hostname(config-cmap)# match request method regex class methods_to_log
hostname(config-cmap)# exit
hostname(config)# policy-map type http http_policy
hostname(config-pmap)# class http_url_policy
hostname(config-pmap-c)# log
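The regex classes in the example above can be checked offline before they are deployed. The following Python sketch is an added example, not part of the Cisco guide or the appliance software; it models which requests the policy would log. It assumes that Python's re module behaves like the appliance regex engine for these patterns, that patterns are matched as unanchored substrings, and that the tested string is the host followed by the path. The function names and sample requests are constructed for illustration.

```python
import re

# Regex class-maps from the page's example; match-any means any one pattern suffices.
URL_TO_LOG = [r"www\.xyz.com/.*\.asp", r"www\.xyz[0-9][0-9]\.com"]
METHODS_TO_LOG = [r"GET", r"PUT"]


def match_any(patterns, text):
    """Model a 'class-map type regex match-any': true if any pattern is found.

    Assumption: patterns are unanchored substring searches, approximated
    here with Python's re.search.
    """
    return any(re.search(p, text) for p in patterns)


def action_for(method, url):
    """Return 'log' when both the URL class and the method class match
    (the http_url_policy class), otherwise 'allow' (silently allowed)."""
    if match_any(URL_TO_LOG, url) and match_any(METHODS_TO_LOG, method):
        return "log"
    return "allow"


def audit(requests):
    """Evaluate constructed (method, url) pairs and return their actions."""
    return [(m, u, action_for(m, u)) for m, u in requests]


# Constructed sample requests, not taken from the page.
SAMPLES = [
    ("GET", "www.xyz.com/login.asp"),    # URL and method both match
    ("PUT", "www.xyz42.com/upload"),     # second URL pattern, two digits
    ("POST", "www.xyz.com/login.asp"),   # method is not in methods_to_log
    ("GET", "www.xyz.com/index.html"),   # path does not end in .asp
    ("GET", "www.xyz7.com/"),            # pattern requires two digits
    ("GET", "www.xyz-com/a.asp"),        # unescaped '.' in xyz.com matches '-'
]

if __name__ == "__main__":
    for method, url, action in audit(SAMPLES):
        print(f"{action:5}  {method:4}  {url}")
```

The last sample is logged because the dot between "xyz" and "com" in the first pattern is not escaped and therefore matches any character; writing it as "\." restricts the match to a literal dot.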
Instant Messaging Inspection
This section describes the IM inspection engine. This section includes the following topics:
• IM Inspection Overview, page 25-48
• Configuring an Instant Messaging Inspection Policy Map for Additional Inspection Control, page 25-48