This chapter describes the modular policy used in IOS as it applies to the FWSM. In the FWSM, application engines are associated with traffic through the modular policy. A default policy is enabled by default and applied to all interfaces, and user-defined functions can be added to it. When a policy map is applied to an interface, the interface policy map takes precedence over the global policy map.

Figure 11-3 Modular Policy Configuration in FWSM

Policy Map

    Class-Map Class A: Action
    Class-Map Class B: Action
    Class-Map Class X: Action

Service Policy Can Be Applied:

1. Globally on the FWSM

2. On Interface Basis

Step 1

    class-map TEST2
     match port tcp range 1 65535
    class-map TEST1
     match port udp eq snmp-status
    class-map inspection_default
     match default-inspection-traffic

Step 2

    policy-map global_policy
     class inspection_default
      inspect dns maximum-length 512
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect skinny
      inspect smtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
     class TEST1
      set connection conn-max 10 0
      set connection timeout tcp 0:00:00
     class TEST1
      inspect snmp

Step 3

    service-policy global_policy global
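The three steps only work together if every class named in the policy map has a class map behind it and the policy map is actually applied. The following is an added example, not taken from the book or from Cisco: a small Python audit that cross-references the three statement types and resolves which policy map governs an interface. The function names audit and effective_policy are hypothetical, and SAMPLE is a shortened re-typing of the steps above (inspect list trimmed, conn-max line left out).

```python
# Constructed sample input: shortened copy of the chapter's Step 1-3 config.
SAMPLE = """\
class-map TEST2
 match port tcp range 1 65535
class-map TEST1
 match port udp eq snmp-status
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
 class TEST1
  set connection timeout tcp 0:00:00
 class TEST1
  inspect snmp
service-policy global_policy global
"""

def audit(config):
    """Cross-reference class-map, policy-map and service-policy statements."""
    defined, policies, applied, current = set(), {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "class-map":
            defined.add(words[-1])           # class-map name is the last token
            current = None
        elif words[0] == "policy-map":
            current = policies.setdefault(words[-1], [])
        elif words[0] == "class" and current is not None:
            current.append(words[1])         # class referenced by this policy map
        elif words[0] == "service-policy" and len(words) >= 3:
            applied[words[-1]] = words[1]    # key: "global" or the interface name
    used = {c for classes in policies.values() for c in classes}
    used.discard("class-default")            # built-in class, never declared
    return {
        "unused_class_maps": sorted(defined - used),
        "undefined_classes": sorted(used - defined),
        "repeated_classes": sorted({c for cl in policies.values()
                                    for c in cl if cl.count(c) > 1}),
        "unapplied_policy_maps": sorted(set(policies) - set(applied.values())),
        "applied": applied,
    }

def effective_policy(applied, interface):
    """Interface policy map takes precedence over global, as the chapter states."""
    return applied.get(interface, applied.get("global"))
```

Run against the sample, the audit reports TEST2 as a class map that no policy map references and TEST1 as a class entered twice in global_policy.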
