Applying A Layer 3/4 Policy To An Interface Using A Service Policy - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 21
Using Modular Policy Framework
Applying a Layer 3/4 Policy to an Interface Using a Service
Policy
To activate the Layer 3/4 policy map, create a service policy that applies it to one or more interfaces or
that applies it globally to all interfaces. Interface service policies take precedence over the global service
policy.
•
•
For example, the following command enables the inbound_policy policy map on the outside interface:
hostname(config)# service-policy inbound_policy interface outside
The following commands disable the default global policy, and enables a new one called
new_global_policy on all other security appliance interfaces:
hostname(config)# no service-policy global_policy global
hostname(config)# service-policy new_global_policy global
Modular Policy Framework Examples
This section includes several Modular Policy Framework examples, and includes the following topics:
•
•
•
•
OL-10088-01
To create a service policy by associating a policy map with an interface, enter the following
command:
hostname(config)# service-policy policy_map_name interface interface_name
To create a service policy that applies to all interfaces that do not have a specific policy, enter the
following command:
hostname(config)# service-policy policy_map_name global
By default, the configuration includes a global policy that matches all default application inspection
traffic and applies inspection to the traffic globally. You can only apply one global policy, so if you
want to alter the global policy, you need to either edit the default policy or disable it and apply a new
one.
The default service policy includes the following command:
service-policy global_policy global
Applying Inspection and QoS Policing to HTTP Traffic, page 21-18
Applying Inspection to HTTP Traffic Globally, page 21-18
Applying Inspection and Connection Limits to HTTP Traffic to Specific Servers, page 21-19
Applying Inspection to HTTP Traffic with NAT, page 21-20
Applying a Layer 3/4 Policy to an Interface Using a Service Policy
Cisco Security Appliance Command Line Configuration Guide
21-17
Advertisement
Table of Contents
Troubleshooting
