
Cisco ASA 5506-X Configuration Manual page 189


Cisco ASA Series Firewall CLI Configuration Guide, page 7-43
Chapter 7: Inspection of Basic Internet Protocols
SMTP and Extended SMTP Inspection

   - match [not] header {length | line length} gt bytes—Matches messages where the length or length of a line in an ESMTP header is greater than the specified number of bytes.
   - match [not] header to-fields count gt count—Matches messages where the number of To fields in the header is greater than the specified number.
   - match [not] invalid-recipients count gt number—Matches messages where the number of invalid recipients is greater than the specified count.
   - match [not] mime filetype regex {regex_name | class class_name}—Matches the MIME or media file type against the specified regular expression or regular expression class.
   - match [not] mime filename length gt bytes—Matches messages where a file name is longer than the specified number of bytes.
   - match [not] mime encoding type [type2...]—Matches the MIME encoding type. You can specify one or more of the following types: 7bit, 8bit, base64, binary, others, quoted-printable.
   - match [not] sender-address regex {regex_name | class class_name}—Matches the sender email address against the specified regular expression or regular expression class.
   - match [not] sender-address length gt bytes—Matches messages where the sender address is greater than the specified number of bytes.

b. Specify the action you want to perform on the matching traffic by entering the following command:

   hostname(config-pmap-c)# {drop-connection [log] | mask [log] | reset [log] | log | rate-limit message_rate}

   Not all options are available for each match command. See the CLI help or the command reference for the exact options available.

   - The drop-connection keyword drops the packet and closes the connection.
   - The mask keyword masks out the matching portion of the packet. This action is available for ehlo-reply-parameter and cmd verb only.
   - The reset keyword drops the packet, closes the connection, and sends a TCP reset to the server and/or client.
   - The log keyword, which you can use alone or with one of the other keywords, sends a system log message.
   - The rate-limit message_rate argument limits the rate of messages. This option is available with cmd verb only, where you can use it as the only action, or you can use it in conjunction with the mask action.

You can specify multiple match commands in the policy map. For information about the order of match commands, see Defining Actions in an Inspection Policy Map, page 2-4.

Step 4  To configure parameters that affect the inspection engine, perform the following steps:

a. To enter parameters configuration mode, enter the following command:

   hostname(config-pmap)# parameters
   hostname(config-pmap-p)#

b. Set one or more parameters. You can set the following options; use the no form of the command to disable the option:

   - mail-relay domain-name action {drop-connection [log] | log}—Identifies a domain name for mail relay. You can either drop the connection and optionally log it, or log it.
   - mask-banner—Masks the banner from the ESMTP server.
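
The steps above assembled into one ESMTP inspection policy map, as an added example that is not taken from the Cisco guide. The map name esmtp-hardening, the byte thresholds, and the domain example.com are assumed values chosen for illustration; check the CLI help for the actions each match command accepts on your software version.

```cisco
! Added example. Map name, thresholds and domain are assumed values.
hostname(config)# policy-map type inspect esmtp esmtp-hardening

! Match + action pairs: each match enters config-pmap-c, where the action is set.
! Oversized header lines: drop the packet, close the connection, send a syslog message.
hostname(config-pmap)# match header line length gt 998
hostname(config-pmap-c)# drop-connection log
hostname(config-pmap-c)# exit

! Sender addresses longer than 320 bytes.
hostname(config-pmap)# match sender-address length gt 320
hostname(config-pmap-c)# drop-connection log
hostname(config-pmap-c)# exit

! Attachment file names longer than 255 bytes.
hostname(config-pmap)# match mime filename length gt 255
hostname(config-pmap-c)# drop-connection log
hostname(config-pmap-c)# exit

! Step 4: parameters that affect the inspection engine as a whole.
hostname(config-pmap)# parameters
! Hide the server banner so it does not disclose the mail server software.
hostname(config-pmap-p)# mask-banner
! Identify the mail-relay domain; drop and log connections flagged by the relay check.
hostname(config-pmap-p)# mail-relay example.com action drop-connection log
hostname(config-pmap-p)# exit
hostname(config-pmap)# exit
```

The map has no effect until it is referenced by an inspect esmtp command in a service policy, and any match configured with the log keyword produces system log messages that can be forwarded to a collector for review.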
