Default Global Policy; Identifying Traffic Using A Layer 3/4 Class Map - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Default Global Policy

By default, the configuration includes a policy that matches all default application inspection traffic and
applies certain inspections to the traffic on all interfaces (a global policy). Not all inspections are enabled
by default. You can only apply one global policy, so if you want to alter the global policy, you need to
either edit the default policy or disable it and apply a new one. (An interface policy overrides the global
policy.)
The default policy configuration includes the following commands:

    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
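
Added example, not part of the Cisco guide: a Python check that finds the policy map applied with `service-policy ... global` in a configuration and reports how its inspection_default class differs from the default inspection list above. The sample configuration is constructed, and the `inspect icmp` line in it is an assumed edit, not a default.

```python
# Added example, not Cisco code. Parsing is keyword-based, so it works on indented
# running-config output as well as on a listing with the indentation stripped.
DEFAULT_INSPECTS = {
    "dns preset_dns_map", "ftp", "h323 h225", "h323 ras", "rsh", "rtsp", "esmtp",
    "sqlnet", "skinny", "sunrpc", "xdmcp", "sip", "netbios", "tftp",
}

def global_policy_classes(config):
    """Return (name, {class: set(inspect args)}) for the globally applied policy map."""
    policies, policy, cls, global_name = {}, None, None, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] in ("class-map", "policy-map", "service-policy"):
            policy = cls = None                          # a new top-level block starts
        if words[0] == "policy-map" and len(words) == 2:
            policy = policies.setdefault(words[1], {})   # Layer 3/4 policy maps only
        elif words[0] == "class" and len(words) == 2 and policy is not None:
            cls = policy.setdefault(words[1], set())
        elif words[0] == "inspect" and cls is not None:
            cls.add(" ".join(words[1:]))
        elif words[0] == "service-policy" and words[2:] == ["global"]:
            global_name = words[1]                       # only one global policy exists
    return global_name, policies.get(global_name, {})

def audit(config):
    """Diff the inspection_default class of the global policy against the defaults."""
    name, classes = global_policy_classes(config)
    active = classes.get("inspection_default", set())
    return {
        "global_policy": name,                           # None: no global policy applied
        "removed_defaults": sorted(DEFAULT_INSPECTS - active),
        "added": sorted(active - DEFAULT_INSPECTS),
    }

# Constructed sample: the default policy edited to drop rsh and xdmcp and add icmp.
_kept = sorted(DEFAULT_INSPECTS - {"rsh", "xdmcp"}) + ["icmp"]
SAMPLE = (
    "class-map inspection_default\n match default-inspection-traffic\n"
    "policy-map type inspect dns preset_dns_map\n parameters\n  message-length maximum 512\n"
    "policy-map global_policy\n class inspection_default\n"
    + "".join(f"  inspect {i}\n" for i in _kept)
    + "service-policy global_policy global\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A `global_policy` value of `None` means no policy map is applied globally, so every default inspection is reported as removed.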

Identifying Traffic Using a Layer 3/4 Class Map

A Layer 3/4 class map identifies Layer 3 and 4 traffic to which you want to apply actions. The maximum
number of Layer 3/4 class maps is 255 in single mode or per context in multiple mode. The configuration
includes a default Layer 3/4 class map that the security appliance uses in the default global policy. It is
called inspection_default and matches the default inspection traffic:

    class-map inspection_default
     match default-inspection-traffic

You can create multiple Layer 3/4 class maps for each Layer 3/4 policy map. You can create the
following types of class maps:
- Creating a Layer 3/4 Class Map for Through Traffic, page 21-3
- Creating a Layer 3/4 Class Map for Management Traffic, page 21-5

3. Apply actions to the Layer 3 and 4 traffic. See the "Defining Actions Using a Layer 3/4 Policy Map" section on page 21-13.
4. Activate the actions on an interface. See the "Applying a Layer 3/4 Policy to an Interface Using a Service Policy" section on page 21-18.

Cisco Security Appliance Command Line Configuration Guide (OL-12172-03), Chapter 21, Using Modular Policy Framework, page 21-2


This manual is also suitable for: ASA 5500 series