Modular Policy Framework Overview - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 21
Using Modular Policy Framework

This chapter describes how to use Modular Policy Framework to create security policies for TCP and
general connection settings, inspections, IPS, CSC, and QoS.
This chapter includes the following sections:
- Modular Policy Framework Overview
- Identifying Traffic Using a Layer 3/4 Class Map
- Configuring Special Actions for Application Inspections
- Defining Actions Using a Layer 3/4 Policy Map
- Applying a Layer 3/4 Policy to an Interface Using a Service Policy
- Modular Policy Framework Examples

Modular Policy Framework Overview

Modular Policy Framework provides a consistent and flexible way to configure security appliance
features. For example, you can use Modular Policy Framework to create a timeout configuration that is
specific to a particular TCP application, as opposed to one that applies to all TCP applications.
Modular Policy Framework supports the following features:
- TCP normalization, TCP and UDP connection limits and timeouts, and TCP sequence number
  randomization
- CSC
- Application inspection
- IPS
- QoS input policing
- QoS output policing
- QoS priority queue

Configuring Modular Policy Framework consists of four tasks:
1. Identify the Layer 3 and 4 traffic to which you want to apply actions. See the
   "Identifying Traffic Using a Layer 3/4 Class Map" section on page 21-2.
2. (Application inspection only) Define special actions for application inspection traffic. See the
   "Configuring Special Actions for Application Inspections" section on page 21-5.

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01
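The per-application TCP timeout mentioned in the overview, written out as an added configuration sketch that is not taken from the Cisco guide. The names TELNET_TRAFFIC and OUTSIDE_POLICY, the interface name outside, TCP port 23 and the 30-minute value are all assumptions; the policy-map and service-policy steps correspond to the sections of those names listed for this chapter.

```text
! Constructed example: names, port and timeout value are assumptions.
!
! Task 1: identify the Layer 3/4 traffic with a class map.
! Here the class is one TCP application (Telnet, port 23).
class-map TELNET_TRAFFIC
 match port tcp eq 23
!
! Task 2 (special actions for application inspection) does not apply,
! because this policy uses no application inspection.
!
! Define the action in a Layer 3/4 policy map.
! The timeout is set for the TELNET_TRAFFIC class only.
policy-map OUTSIDE_POLICY
 class TELNET_TRAFFIC
  set connection timeout tcp 0:30:0
!
! Apply the policy map to an interface with a service policy.
service-policy OUTSIDE_POLICY interface outside
```

TCP connections that do not match the class keep the appliance's general timeout. Keyword syntax for connection timeouts differs between software releases, so check the command reference for the version in use.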
