Identifying Traffic In An Inspection Class Map - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 21
Using Modular Policy Framework
Step 2
Create a class map by entering the following command:
hostname(config)# class-map type regex match-any class_map_name
hostname(config-cmap)#
Where class_map_name is a string up to 40 characters in length. The name "class-default" is reserved.
All types of class maps use the same name space, so you cannot reuse a name already used by another
type of class map.
The match-any keyword specifies that the traffic matches the class map if it matches at least one of the
regular expressions.
The CLI enters class-map configuration mode.
Step 3
(Optional) Add a description to the class map by entering the following command:
hostname(config-cmap)# description string
Step 4
Identify the regular expressions you want to include by entering the following command for each regular
expression:
hostname(config-cmap)# match regex regex_name
The following example creates two regular expressions, and adds them to a regular expression class map.
Traffic matches the class map if it includes the string "example.com" or "example2.com."
hostname(config)# regex url_example example\.com
hostname(config)# regex url_example2 example2\.com
hostname(config)# class-map type regex match-any URLs
hostname(config-cmap)# match regex url_example
hostname(config-cmap)# match regex url_example2
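
The naming and reference rules above (40-character limit, the reserved name "class-default", one name space shared by all class map types, and match regex pointing at a regex name that has been defined) can be checked offline before a configuration is entered on the appliance. The following Python script is an added example, not part of the Cisco guide; the function name lint_class_maps, the sample configuration, and the assumption that commands are read in entry order are hypothetical.

```python
import re

RESERVED_NAMES = {"class-default"}
MAX_NAME_LEN = 40
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "hostname(config-cmap)# "

# Constructed sample with deliberate mistakes on lines 5, 6 and 7.
SAMPLE_CONFIG = r"""regex url_example example\.com
regex url_example2 example2\.com
class-map type regex match-any URLs
match regex url_example
match regex example2
class-map type inspect http match-all URLs
class-map type regex match-any class-default
"""

def lint_class_maps(config_text):
    """Return (line_number, message) findings, reading commands in entry order."""
    regex_names, class_maps, findings = set(), {}, []
    current_kind = None  # kind of the class map whose mode we are in
    for num, raw in enumerate(config_text.splitlines(), start=1):
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[0] == "regex" and len(words) >= 3:
            regex_names.add(words[1])
            current_kind = None
        elif words[0] == "class-map" and len(words) >= 2:
            name = words[-1]
            # Kind = everything between "class-map" and the name, minus match-all/any.
            current_kind = " ".join(
                w for w in words[1:-1] if w not in ("match-all", "match-any")
            ) or "layer 3/4"
            if name in RESERVED_NAMES:
                findings.append((num, f"'{name}' is a reserved class map name"))
            if len(name) > MAX_NAME_LEN:
                findings.append((num, f"name exceeds {MAX_NAME_LEN} characters"))
            previous = class_maps.setdefault(name, current_kind)
            if previous != current_kind:
                findings.append((num, f"'{name}' already names a '{previous}' class map"))
        elif words[:2] == ["match", "regex"] and current_kind == "type regex":
            if len(words) < 3 or words[2] not in regex_names:
                findings.append((num, f"undefined regex in: {' '.join(words)}"))
    return findings

if __name__ == "__main__":
    for num, message in lint_class_maps(SAMPLE_CONFIG):
        print(f"line {num}: {message}")
```

The script accepts lines with or without the hostname(config)# prompt, so text copied from a terminal session can be checked directly.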

Identifying Traffic in an Inspection Class Map

This type of class map allows you to match criteria that are specific to an application. For example, for
DNS traffic, you can match the domain name in a DNS query.
A class map groups multiple traffic matches. Traffic must match all of the match criteria to match the
class map. You can alternatively identify the traffic you want to match directly in the policy map. The
difference between creating a class map and defining the traffic match directly in the inspection policy
map is that the class map lets you group multiple matches, and you can reuse class maps. For the traffic
that you identify in this class map, you can specify actions such as dropping, resetting, and/or logging
the connection in the inspection policy map. If you want to perform different actions on different types
of traffic, you should identify the traffic directly in the policy map.
To define an inspection class map, perform the following steps:
Step 1
Create a class map by entering the following command:
hostname(config)# class-map type inspect application [match-all] class_map_name
hostname(config-cmap)#
Where application is the application you want to inspect. For supported applications, see
Chapter 25, "Configuring Application Layer Protocol Inspection."
The class_map_name argument is the name of the class map up to 40 characters in length.

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 21-9
Section: Configuring Special Actions for Application Inspections
