12-13
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 12 Getting Started with Application Layer Protocol Inspection
Configure Application Layer Protocol Inspection
Table 12-2 Protocol Keywords

Keywords                     Notes
---------------------------  ------------------------------------------------------------
scansafe [map_name]          If you want to enable ScanSafe (Cloud Web Security), use the
[fail-open | fail-closed]    procedure described in the following topic rather than this
                             procedure: Configure a Service Policy to Send Traffic to
                             Cloud Web Security, page 8-9. The cited procedure explains
                             the full policy configuration, including how to configure
                             the policy inspection map.

sip [map_name]               See SIP Inspection, page 14-22.
[tls-proxy proxy_name]       If you added a SIP inspection policy map according to
                             Configure SIP Inspection Policy Map, page 14-24, identify
                             the map name in this command. Specify a TLS proxy to enable
                             inspection of encrypted traffic.

skinny [map_name]            See Skinny (SCCP) Inspection, page 14-30.
[tls-proxy proxy_name]       If you added a Skinny inspection policy map according to
                             Configure a Skinny (SCCP) Inspection Policy Map for
                             Additional Inspection Control, page 14-32, identify the map
                             name in this command. Specify a TLS proxy to enable
                             inspection of encrypted traffic.

snmp [map_name]              See SNMP Inspection, page 15-16.
                             If you added an SNMP inspection policy map, identify the
                             map name in this command.

sqlnet                       See SQL*Net Inspection, page 15-18.

sunrpc                       See Sun RPC Inspection, page 15-19.
                             The default class map includes UDP port 111; if you want to
                             enable Sun RPC inspection for TCP port 111, you need to
                             create a new class map that matches TCP port 111, add the
                             class to the policy, and then apply the inspect sunrpc
                             command to that class.

tftp                         See TFTP Inspection, page 13-45.

waas                         Enables TCP option 33 parsing. Use when deploying Cisco
                             Wide Area Application Services products.

xdmcp                        See XDMCP Inspection, page 15-21.

vxlan                        See VXLAN Inspection, page 15-22.

Note: If you are editing the default global policy (or any in-use policy) to use a different
inspection policy map, you must remove the old inspection with the no inspect protocol
command, and then re-add it with the new inspection policy map name.

Step 6 To activate the policy map on one or more interfaces, enter the following command:

hostname(config)# service-policy policymap_name {global | interface interface_name}
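
The following configuration is an added example, not taken from the Cisco guide. It combines three points from this page: the Sun RPC row of Table 12-2 (a separate class for TCP port 111), the Note on swapping an inspection policy map, and the Step 6 activation command. It assumes the in-use policy map is the default global_policy with its inspection_default class; the names sunrpc_tcp and sip_strict_map are hypothetical.

```cisco
! Added example. sunrpc_tcp and sip_strict_map are hypothetical names;
! global_policy / inspection_default are assumed to be the in-use defaults.

! 1. Sun RPC over TCP: the default class map only covers UDP port 111,
!    so match TCP port 111 in a new class map.
hostname(config)# class-map sunrpc_tcp
hostname(config-cmap)# match port tcp eq 111
hostname(config-cmap)# exit

! 2. Add the new class to the policy and apply inspect sunrpc to it.
hostname(config)# policy-map global_policy
hostname(config-pmap)# class sunrpc_tcp
hostname(config-pmap-c)# inspect sunrpc
hostname(config-pmap-c)# exit

! 3. Change the SIP inspection policy map on an in-use policy:
!    remove the old inspection first, then re-add it with the new map.
!    sip_strict_map is assumed to be already defined as a SIP
!    inspection policy map.
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# no inspect sip
hostname(config-pmap-c)# inspect sip sip_strict_map
hostname(config-pmap-c)# exit
hostname(config-pmap)# exit

! 4. Step 6: activate the policy map (here globally).
hostname(config)# service-policy global_policy global

! 5. Confirm what is configured and what is active.
hostname(config)# show running-config policy-map
hostname(config)# show service-policy
```

SIP traffic is handled without the inspection map's controls during the short interval between the no inspect sip and inspect sip lines, so make that change in a maintenance window on a production firewall.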