Cisco ASA 5506-X Configuration Manual page 141
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
Chapter 6
Getting Started with Application Layer Protocol Inspection
Table 6-2
Keywords
scansafe [map_name] [fail-open |
fail-closed]
sip [map_name]
[tls-proxy proxy_name]
skinny [map_name]
[tls-proxy proxy_name]
snmp [map_name]
sqlnet
sunrpc
tftp
waas
xdmcp
Note
To activate the policy map on one or more interfaces, enter the following command:
Step 6
hostname(config)# service-policy policymap_name {global | interface interface_name}
Protocol Keywords
If you are editing the default global policy (or any in-use policy) to use a different inspection
policy map, you must remove the old inspection with the no inspect protocol command, and then
re-add it with the new inspection policy map name.
Configure Application Layer Protocol Inspection
Notes
If you want to enable ScanSafe (Cloud Web Security), use
the procedure described in the following topic rather than
this procedure:
Configure a Service Policy to Send Traffic to
Cloud Web Security, page
explains the full policy configuration, including how to
configure the policy inspection map.
See
SIP Inspection, page
8-23.
If you added a SIP inspection policy map according to
Configure SIP Inspection Policy Map, page
the map name in this command. Specify a TLS proxy to
enable inspection of encrypted traffic.
See
Skinny (SCCP) Inspection, page
If you added a Skinny inspection policy map according to
Configure a Skinny (SCCP) Inspection Policy Map for
Additional Inspection Control, page
name in this command. Specify a TLS proxy to enable
inspection of encrypted traffic.
See
SNMP Inspection, page
If you added an SNMP inspection policy map, identify the
map name in this command.
See
SQL*Net Inspection, page
See
Sun RPC Inspection, page
The default class map includes UDP port 111; if you want to
enable Sun RPC inspection for TCP port 111, you need to
create a new class map that matches TCP port 111, add the
class to the policy, and then apply the inspect sunrpc
command to that class.
See
TFTP Inspection, page
Enables TCP option 33 parsing. Use when deploying Cisco
Wide Area Application Services products.
See
XDMCP Inspection, page
Cisco ASA Series Firewall CLI Configuration Guide
14-9. The cited procedure
8-25, identify
8-31.
8-33, identify the map
10-15.
9-2.
9-3.
7-45.
10-17.
6-13
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
