Ftp Inspection - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 25
Configuring Application Layer Protocol Inspection
You can specify multiple class or match commands in the policy map. For information about the order
of class and match commands, see the
page
To configure parameters that affect the inspection engine, perform the following steps:
Step 6
a.
b.
c.
The following example shows how to define an ESMTP inspection policy map.
hostname(config)# regex user1 "user1@cisco.com"
hostname(config)# regex user2 "user2@cisco.com"
hostname(config)# regex user3 "user3@cisco.com"
hostname(config)# class-map type regex senders_black_list
hostname(config-cmap)# description "Regular expressions to filter out undesired senders"
hostname(config-cmap)# match regex user1
hostname(config-cmap)# match regex user2
hostname(config-cmap)# match regex user3
hostname(config)# policy-map type inspect esmtp advanced_esmtp_map
hostname(config-pmap)# match sender-address regex class senders_black_list
hostname(config-pmap-c)# drop-connection log
hostname(config)# policy-map outside_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect esmtp advanced_esmtp_map
hostname(config)# service-policy outside_policy interface outside
FTP Inspection
This section describes the FTP inspection engine. This section includes the following topics:
•
•
OL-10088-01
The mask keyword masks out the matching portion of the packet.
The reset keyword drops the packet, closes the connection, and sends a TCP reset to the server
and/or client.
The log keyword, which you can use alone or with one of the other keywords, sends a system log
message.
The rate-limit message_rate argument limits the rate of messages.
21-10.
To enter parameters configuration mode, enter the following command:
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
To configure a local domain name, enter the following command:
hostname(config-pmap-p)# mail-relay domain-name action [drop-connection | log]]
Where the drop-connection action closes the connection. The log action sends a system log
message when this policy map matches traffic.
To enforce banner obfuscation, enter the following command:
hostname(config-pmap-p)# mask-banner
FTP Inspection Overview, page 25-26
Using the strict Option, page 25-26
"Defining Actions in an Inspection Policy Map" section on
Cisco Security Appliance Command Line Configuration Guide
FTP Inspection
25-25
Advertisement
Table of Contents
Troubleshooting
