Cisco ASA 5506-X Configuration Manual page 160
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
HTTP Inspection
•
Example:
hostname(config-class)# no inspect ftp
hostname(config-class)# inspect ftp strict ftp-map
Note
If you are editing an existing service policy (such as the default global policy called global_policy), you
Step 5
are done. Otherwise, activate the policy map on one or more interfaces.
service-policy policymap_name {global | interface interface_name}
Example:
hostname(config)# service-policy global_policy global
The global keyword applies the policy map to all interfaces, and interface applies the policy to one
interface. Only one global policy is allowed. You can override the global policy on an interface by
applying a service policy to that interface. You can only apply one policy map to each interface.
Verifying and Monitoring FTP Inspection
FTP application inspection generates the following log messages:
•
•
•
•
•
In conjunction with NAT, the FTP application inspection translates the IP address within the application
payload. This is described in detail in RFC 959.
HTTP Inspection
The following sections describe the HTTP inspection engine.
•
•
Cisco ASA Series Firewall CLI Configuration Guide
7-14
ftp_policy_map is the optional FTP inspection policy map. You need a map only if you want
non-default inspection processing. For information on creating the FTP inspection policy map, see
Configure an FTP Inspection Policy Map, page
If you are editing the default global policy (or any in-use policy) to use a different FTP
inspection policy map, you must remove the FTP inspection with the no inspect ftp command,
and then re-add it with the new FTP inspection policy map name.
An Audit record 303002 is generated for each file that is retrieved or uploaded.
The FTP command is checked to see if it is RETR or STOR and the retrieve and store commands
are logged.
The username is obtained by looking up a table providing the IP address.
The username, source IP address, destination IP address, NAT address, and the file operation are
logged.
Audit record 201005 is generated if the secondary dynamic channel preparation failed due to
memory shortage.
HTTP Inspection Overview, page 7-15
Configure HTTP Inspection, page 7-15
Chapter 7
Inspection of Basic Internet Protocols
7-10.
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
