Modular Policy Framework Examples; Applying Inspection And Qos Policing To Http Traffic - Cisco PIX 500 Series Configuration Manual

Chapter 21 Using Modular Policy Framework
hostname(config)# service-policy inbound_policy interface outside
The following commands disable the default global policy, and enables a new one called
new_global_policy on all other security appliance interfaces:
hostname(config)# no service-policy global_policy global
hostname(config)# service-policy new_global_policy global

Modular Policy Framework Examples

This section includes several Modular Policy Framework examples, and includes the following topics:
•
•
•
•

Applying Inspection and QoS Policing to HTTP Traffic

In this example (see
security appliance through the outside interface is classified for HTTP inspection. Any HTTP traffic that
exits the outside interface is classified for policing.
Figure 21-1
A
Host A
See the following commands for this example:
hostname(config)# class-map http_traffic
hostname(config-cmap)# match port tcp eq 80
hostname(config)# policy-map http_traffic_policy
hostname(config-pmap)# class http_traffic
hostname(config-pmap-c)# inspect http
hostname(config-pmap-c)# police output 250000
hostname(config)# service-policy http_traffic_policy interface outside
OL-12172-03
Applying Inspection and QoS Policing to HTTP Traffic, page 21-19
Applying Inspection to HTTP Traffic Globally, page 21-20
Applying Inspection and Connection Limits to HTTP Traffic to Specific Servers, page 21-21
Applying Inspection to HTTP Traffic with NAT, page 21-22
Figure 21-1), any HTTP connection (TCP traffic on port 80) that enters or exits the
HTTP Inspection and QoS Policing
appliance
inside
Security
insp.
port 80
police
port 80
insp.
outside
Cisco Security Appliance Command Line Configuration Guide
Modular Policy Framework Examples
Host B
21-19