Cisco FirePOWER ASA 5500 series

Cisco FirePOWER ASA 5500 series

989 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

25-25

Cisco Security Appliance Command Line Configuration Guide

OL-10088-01

Chapter 25 Configuring Application Layer Protocol Inspection

FTP Inspection

The mask keyword masks out the matching portion of the packet.

The reset keyword drops the packet, closes the connection, and sends a TCP reset to the server

and/or client.

The log keyword, which you can use alone or with one of the other keywords, sends a system log

message.

The rate-limit message_rate argument limits the rate of messages.

You can specify multiple class or match commands in the policy map. For information about the order

of class and match commands, see the “Defining Actions in an Inspection Policy Map” section on

page 21-10.

Step 6 To configure parameters that affect the inspection engine, perform the following steps:

a. To enter parameters configuration mode, enter the following command:

hostname(config-pmap)# parameters

hostname(config-pmap-p)#

b. To configure a local domain name, enter the following command:

hostname(config-pmap-p)# mail-relay domain-name action [drop-connection | log]]

Where the drop-connection action closes the connection. The log action sends a system log

message when this policy map matches traffic.

c. To enforce banner obfuscation, enter the following command:

hostname(config-pmap-p)# mask-banner

The following example shows how to define an ESMTP inspection policy map.

hostname(config)# regex user1 “user1@cisco.com”

hostname(config)# regex user2 “user2@cisco.com”

hostname(config)# regex user3 “user3@cisco.com”

hostname(config)# class-map type regex senders_black_list

hostname(config-cmap)# description “Regular expressions to filter out undesired senders”

hostname(config-cmap)# match regex user1

hostname(config-cmap)# match regex user2

hostname(config-cmap)# match regex user3

hostname(config)# policy-map type inspect esmtp advanced_esmtp_map

hostname(config-pmap)# match sender-address regex class senders_black_list

hostname(config-pmap-c)# drop-connection log

hostname(config)# policy-map outside_policy

hostname(config-pmap)# class inspection_default

hostname(config-pmap-c)# inspect esmtp advanced_esmtp_map

hostname(config)# service-policy outside_policy interface outside

FTP Inspection

This section describes the FTP inspection engine. This section includes the following topics:

• FTP Inspection Overview, page 25-26

• Using the strict Option, page 25-26

Table of Contents

Related product manuals

Preview: Cisco Firepower 2120

Cisco Firepower 2120

Preview: Cisco Firepower 4110

Cisco Firepower 4110

Preview: Cisco Firepower 1100

Cisco Firepower 1100

Preview: Cisco Firepower 1010

Cisco Firepower 1010

Preview: Cisco Firepower 2130

Cisco Firepower 2130

Preview: Cisco Firepower 4100

Cisco Firepower 4100

Cisco Firepower 2110

Cisco Firepower 2140

Preview: Cisco Firepower 4100 Series

Cisco Firepower 4100 Series

Preview: Cisco Firepower 2100 Series

Cisco Firepower 2100 Series

Preview: Cisco Firepower 1100 Series

Cisco Firepower 1100 Series

Preview: Cisco Firepower 1000 Series

Cisco Firepower 1000 Series