29-7
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 29 Configuring a Service Policy
Default Settings
This limit also includes default traffic classes of all types. See the “Default Traffic Classes” section on
page 29-8.
Service Policy Guidelines
• Interface service policies take precedence over the global service policy for a given feature. For
example, if you have a global policy with FTP inspection, and an interface policy with TCP
normalization, then both FTP inspection and TCP normalization are applied to the interface.
However, if you have a global policy with FTP inspection, and an interface policy with FTP
inspection, then only the interface policy FTP inspection is applied to that interface.
• You can only apply one global policy. For example, you cannot create a global policy that includes
feature set 1, and a separate global policy that includes feature set 2. All features must be included
in a single policy.
Default Settings
The following topics describe the default settings for Modular Policy Framework:
• Default Configuration, page 29-7
• Default Traffic Classes, page 29-8
Default Configuration
By default, the configuration includes a policy that matches all default application inspection traffic and
applies certain inspections to the traffic on all interfaces (a global policy). Not all inspections are enabled
by default. You can only apply one global policy, so if you want to alter the global policy, you need to
either edit the default policy or disable it and apply a new one. (An interface policy overrides the global
policy for a particular feature.)
The default policy includes the following application inspections:
• DNS inspection for the maximum message length of 512 bytes
• FTP
• H323 (H225)
• H323 (RAS)
• RSH
• RTSP
• ESMTP
• SQLnet
• Skinny (SCCP)
• SunRPC
• XDMCP
• SIP
• NetBios
• TFTP
To Next Page
Loading...
Need help?
General
