11-12
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 11 Service Policy Using the Modular Policy Framework
Configure Service Policies
You can create a self-contained inspection policy map that identifies the traffic directly with match
commands, or you can create an inspection class map for reuse or for more complicated matching. For
example, you could match text within a inspected packets using a regular expression or a group of regular
expressions (a regular expression class map), and target actions based on narrower criteria. For example,
you might want to drop all HTTP requests with a URL including the text “example.com.”
See Configure Application Layer Protocol Inspection, page 12-9.
Step 3 Define the actions you want to perform on each Layer 3/4 class map by creating a Layer 3/4 policy map,
as described in Define Actions (Layer 3/4 Policy Map), page 11-16.
Step 4 Determine on which interfaces you want to apply the policy map, or apply it globally, as described in
Apply Actions to an Interface (Service Policy), page 11-17.
Regular Expression Statement/
Regular Expression Class Map
Inspection Class Map/
Match Commands
Inspection Policy Map Actions
241509
Inspection
Connection Limits
Layer 3/4 Policy Map
Service Policy
IPS
Inspection
Connection Limits
241508
To Next Page
Loading...
Need help?
General
